NORC at the University of Chicago is an objective, nonpartisan, nonprofit academic research organization serving the public interest by delivering objective ana
Senior IT Risk and Compliance Analyst
Location
Illinois + 1 moreAll locations: Illinois | District Of Columbia
Posted
7 days ago
Salary
$97K - $120K / year
Seniority
Senior
Job Description
Senior IT Risk and Compliance Analyst
NORC at the University of Chicago
Title: Senior IT Risk and Compliance Analyst Location: Washington, DC - D.C. - Washington DC Job Description: JOB SUMMARY: NORC at the University of Chicago seeks Senior IT Risk and Compliance Analyst to join our DSS Security and Compliance group. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The team is responsible for specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT risk and compliance metrics. The team provides guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. The team conducts risk assessments and security impact analyses of information systems. Location: This is a hybrid role based in our Chicago Loop or Washington, DC office, with a minimum of six days per month in the office. Remote candidates may also be considered. Qualified applicants must be U.S. citizens due to security clearance requirements for projects. DEPARTMENT: Digital Services & Solutions Security & Compliance NORC's Digital Services & Solutions group provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research. RESPONSIBILITIES: - Work with the team in specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security. requirements of clients (principally Government) and corporate standards for data and systems integrity. - - Help develop and implement tools and processes to measure and track IT risk and compliance metrics. - - Provide guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. - - Assist the team with conducting risk assessments and security impact analyses of information systems. - REQUIRED SKILLS: Education and Certifications: - Bachelor’s degree in computer science, Information Technology, or a related field (or equivalent years of experience). - - Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications. - General Experience: - Minimum of 4 years of experience in information security roles, emphasizing security architecture and engineering solutions. - - Proven experience in performing network penetration testing, vulnerability scans, and configuration analysis. - - Experience overseeing project penetration testing activities. - - Preferred experience as an ISO for federal programs and projects. - - Experience coordinating communications across vendors, internal stakeholders, and program owners. - - Experience using CSAM - ATO Experience: - In-depth knowledge and experience guiding information systems through the Authorization to Operate (ATO) process: - - Proficient in navigating the complex landscape of ATO processes, demonstrating a successful track record in obtaining authorizations for information systems - - Extensive knowledge of the steps involved in the ATO process, ensuring compliance with government regulations and standards, including NIST Special Publications and FISMA - - A proven ability to streamline and expedite ATO timelines without compromising security standards, showcasing efficiency in documentation and regulatory adherence - - Expertise in developing and presenting comprehensive ATO documentation, including System Security Plans, to accrediting authorities and other relevant stakeholders - - Demonstrated skill in addressing and mitigating security risks identified during the ATO process, ensuring the secure operation of systems in various environments - - Exceptional communication skills to articulate ATO requirements, progress, and challenges to both technical and non-technical stakeholders, fostering collaboration and understanding. Risk Management Experience: - Demonstrated experience in developing threat models and security risk assessments. - - Ability to recommend mitigations and countermeasures to address identified risks, vulnerabilities, and threats. - - Experience conducting incident response across vendors, internal stakeholders, and program owners, including implementing, and coordinating the response plan, overseeing the technical response, and coordinating with legal, technical, and communications teams. Compliance and Documentation: - Thorough understanding and experience with government regulations and standards related to information security. - - In-depth knowledge of security compliance checks and the ability to perform audit activities. - - Experience in reviewing and validating security documentation, including system security requirements definition and System Security Plans. - - Experience conducting penetration testing across multiple vendors, contractors, and consultants that meet stringent client requirements. Communication and Guidance: - Strong communication skills with the ability to guide NORC customers on information security policies and regulations. - Ability to effectively communicate complex security concepts to both technical and non-technical stakeholders. SALARY AND BENEFITS: The pay range for this position is $97,000 - $120,000. This position is classified as regular. Regular staff are eligible for NORC’s comprehensive benefits program. Benefits include, but are not limited to: - Generously subsidized health insurance, effective on the first day of employment - Dental and vision insurance - A defined contribution retirement program, along with a separate voluntary 403(b) retirement program - Group life insurance, long-term and short-term disability insurance - Benefits that promote work/life balance, including generous paid time off, holidays; paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP). NORC is committed to equity and transparency in its pay practices. We publish salary ranges and benefit information for every job. The listed hiring range reflects what we, in good faith, expect to pay at the time of posting, though actual compensation may vary and may be adjusted over time. A candidate’s placement within the range depends on factors such as competencies, education, qualifications, experience, skills, performance, and organizational needs. WHAT WE DO: NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge. WHO WE ARE: For over 80 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale. EEO STATEMENT: NORC is an equal opportunity employer. NORC evaluates qualified applicants without regard to race, color, religion, sex, gender, national origin, disability, status as a protected veteran, sexual orientation, and other legally protected characteristics. #LI-MS1
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
Compliance Analyst – 2
New Hampshire Mutual BancorpA steward of mutual banking values in local communities throughout NH. Join our team! www.nhmutual.com/careers
• Conduct risk-based compliance monitoring, testing, and documentation for retail banking, lending, HMDA, and operational compliance areas • Support HMDA LAR data integrity through validation, exception research, remediation tracking, and annual submission support • Analyze compliance issues, identify root causes and trends, and recommend practical corrective actions • Prepare workpapers, testing results, compliance metrics, issue summaries, and management-ready documentation • Partner with business lines, Compliance Management, audit, and examination stakeholders to communicate findings and support timely remediation • Assist with regulatory change management, including research, impact assessments, procedure updates, testing, and implementation documentation
• Support SOX year‑end and quarter‑end close‑out activities, including: o Evidence finalization and quality review o Control testing close‑out coordination o Deficiency and remediation tracking • Respond to auditor follow‑up requests and inquiries • Ensure SOX documentation and evidence are complete, accurate, and audit‑ready • Support SOC 2 audit execution, including: o Evidence coordination and submission o Control documentation maintenance o Tracking and responding to auditor requests • Assist with remediation documentation and management responses, as needed • Assist with ISO 27001 ISMS program development and enhancement, including: o Supporting policy, procedure, and control documentation o Aligning controls and evidence to ISO requirements o Preparing materials for readiness or certification activities • Support internal stakeholders operationalizing ISO 27001 requirements • Support ISO 27701 (Privacy Information Management System) build‑out, including: o Documentation of privacy controls, roles, and responsibilities o Mapping privacy requirements to existing ISO 27001 controls where applicable o Supporting evidence collection and audit readiness • Assist with broader data privacy compliance efforts, including: o Maintaining privacy documentation and evidence o Supporting privacy risk assessments and compliance tracking • Support EU AI regulatory readiness and AI governance initiatives, including: o Assisting with AI use case inventory and documentation o Supporting AI risk assessments and governance workflows o Aligning organizational practices to ISO 42001 (AI Management System) requirements • Assist with development of AI policies, procedures, and compliance artifacts • Provide hands‑on administration of Hyperproof, including: o Managing evidence requests and workflows o Maintaining control, framework, and evidence mappings o Supporting auditor portals and compliance dashboards • Ensure data quality and consistency across programs and framework • Support management of the KnowBe4 security awareness training program, including: o Campaign execution and tracking o Completion monitoring and reporting o Supporting audit and compliance evidence needs • Monitor and manage the privacy inbox, including: o Assist in intake, triage, and tracking of privacy‑related requests o Oversee coordination with Legal, Security, and IT stakeholders o Ensuring timely and documented responses
Specialist, Customs Compliance
ChanelWith global headquarters in Neuilly-sur-Seine, France, Chanel is a world-renowned fashion house that also specializes in fragrances, skin care, jewelry, and oth
Title:Specialist, Customs Compliance Location: PISCATAWAY, NJ United States Job Description: At Chanel, we are focused on creating an inclusive culture that nurtures personal growth, contributing to collective progress. We believe the uniqueness of each individual increases the diversity, complementarity and effectiveness of our teams. We strongly encourage your application, as we value the perspective, experience and potential you could bring to CHANEL. About the role: CHANEL is looking for a customs compliance specialist to join our Customs & Regulatory Compliance team in Piscataway, NJ. You will play a leading role in facilitating the customs regulatory compliance needs across fashion, watches, fine jewelry, fragrance, and beauty divisions to ensure on time entry into the US market. This role interfaces with US legal, US F&B regulatory, Global fashion regulatory, and Global supply chain teams across fashion, watches & fine jewelry, fragrance & beauty and is a key partner for US merchandising, fashion account management, press and celebrity relations, and finance. Our ideal candidate will have 3 years of experience in the customs compliance space. What impact you can create at CHANEL: Customs Compliance: - Perform USHTS classification for fashion, WFJ, F&B, and non-sellable materials - Review product compositions for compliance flags (i.e. FWS, APHIS, FDA) - Review of imports for compliance with TSCA and Lacey Act compliance - Manage import data requirements and cross functional coordination with relevant teams - Keep up with changing import tariff regulations (i.e. 232, 301) and communicate the changes to the business - Knowledge of Trade Remedy issues, such as ADD/CVD. - Answer CF28/29 requests from CBP as required with support from legal counsel Import/Export Processing: - Support the cross-border coordination of Press and VIP movements - Communicate import requirements to global and US teams to ensure wheels-up entry on time for all imports - Investigate and answer broker questions across all inbound shipments - Generate pro forma's as needed for export - Review pre-alerts to ensure all required data is available before import, and escalate missing data as needed to Global teams - Attend weekly customs broker meeting to address import issues - Manage priority imports based on business-critical needs - Ensure import KPI's are met, highlighting impacts to the business and solutions when issues arise. Data Analysis: - Data entry for import/export of high-jewelry loan items as needed - Pull ACE reports to capture Chanel's duty monthly spend - Ability to work across different reporting systems (i.e SAP, OrliWeb, MMS, My Tower) - Comfort with PowerBI and Microsoft systems You are energized by: - Working in a highly collaborative environment - Navigating complexity - Collaborating with international teams - Working independently through challenges - Eye for detail and issue identification - Connecting the dots between teams What you will bring to the team: - A degree in business administration, supply chain management, finance, compliance - A licensed customs broker - Experience importing and exporting consumer goods, strong preference for fashion and beauty products Position Logistics: - Partially Remote: Role requires a minimum of three days in-person office presence in Piscataway, NJ. - 3 years minimum experience in customs compliance (minimum- this is also valuable in the intro paragraph.) - Education Requirements: Bachelors in supply chain, law, regulatory affairs Compensation: - The anticipated base salary range for this position is $61,400- 95,000. Base salary is one component of the total compensation for this position. Other forms of variable pay [may/will] be offered for this position. Other components [may/will] include bonus potential, benefits, and/or perks. Benefits and Perks: - Wellbeing resources include dedicated paid time off for wellbeing and a Wellbeing fund - Family and care giving benefits (inclusive of parental leave, fertility support, MilkStork, and Care.com Membership) - Generous paid time off policies to include vacation, holiday, sick and volunteer days - 401K and other incentives - Robust healthcare offerings; medical, dental, vision, MDLIVE (virtual care), One Medical, Flexible Spending Accounts (Health Care & Dependent Care), Health Savings Account and Employee Assistance Program - Life insurance, Accidental Death & Dismemberment, Short Term Disability, Long Term Disability, Health Advocate, International Business Travel Accident & Medical, and Commuter Transit & Parking Additional Information: Chanel is a private company whose values are grounded in creating the conditions for people to perform at their best and feel fulfilled and confident in their work. We offer a unique work environment where individuals are encouraged to better understand the brand, the business, and motivations, so that together we can unlock the possibilities of growth. This is reflected in: Diversity and Inclusion: - At CHANEL, we are intentional in promoting Diversity & Inclusion. We foster respect, empathy and dignity for all. We believe strongly that the diversity of our people across the full spectrum of human differences is essential to our organisation and the connections we have with each other and our clients. - We offer Employee Resource Groups in the US that are voluntary, open to all, employee-led groups formed around a shared identity or lived experience, whose aim is to foster a diverse, inclusive, and equitable community aligned with the values and missions of the communities they support. Chanel Community: - CHANEL Community empowers our employees to channel their passions, talents and sense of purpose to contribute to and learn from our communities. - Employees are encouraged to take time off annually to volunteer through CHANEL Community. CHANEL also matches employee donations to select charitable organizations. Sustainability: - CHANEL Mission 1.5° is our climate action plan. It is focused on transforming the business in line with the ambitions of the Paris Agreement on climate change to limit the average global mean temperature increase to 1.5 degrees Celsius above preindustrial levels. - Employees are encouraged to contribute to our US Sustainability efforts at the corporate level and within the divisions, through organized taskforces and initiatives. Arts and Culture: - We are committed to extending our legacy of cultural engagement. Global support includes the CHANEL Culture Fund, which supports a select group of leading art culture institutions across the globe, and the CHANEL Next Prize for the next generation of creative talent. US support currently includes Annual sponsorship of the MoMA film program, Tribeca Film Festival programs and Through Her Lens, Support of the Academy Gold Fellowship for Women and Sponsorship of the BAAND Together Dance Festival at Lincoln Center. Fondation Chanel: - Since 2011, Fondation CHANEL's mission is for women and girls to be free to shape their own destiny. Through multi-year partnerships with financial and technical support, Fondation CHANEL is committed to improving the safety and autonomy of women and adolescent girls around the world, impacting over a million women and girls in its first 10 years. - For more information, please navigate to the Fondation Chanel website here Career and Leadership Development: - We have dedicated in-house teams focused on supporting the onboarding of employees, developing leadership skills via custom programs like Imagine Chanel People, Heart of Leadership and group and individual coaching, and blended online and live classes offered on our Bloom platform and by skilled trainers, such as Shape Your Career, to develop career building skills. - Chanel, Inc. benefits and perks are dependent on eligibility and subject to modification by Chanel at any time.
• Overseeing the day-to-day functions of the Dentsply Sirona Implants and Prosthetics team. • Developing regulatory strategies for existing, new, and modified medical devices and other (regulated) products. • Managing and submitting 510ks for the products and managing communications with FDA including pre-subs. • Mentoring and providing guidance to direct reports and cross-functional product development teams on US and EU regulatory requirements. • Working closely with business partners for registrations in their respective countries to ensure compliance globally.



