IT Risk and Security Compliance Analyst - Hybrid
Location: Chicago
Posted on: June 23, 2025
Job Description:
JOB SUMMARY: NORC at the University of Chicago is seeking an IT
Risk and Security Compliance Analyst with extensive experience
managing and optimizing ServiceNow GRC to support and enhance our
security compliance program. This role will play a key part in
configuring, maintaining, and improving ServiceNow GRC workflows,
ensuring compliance with government security standards such as
FISMA, NIST 800-53, HIPAA, and FedRAMP. The ideal candidate will
have strong expertise in GRC tool management, compliance
assessments, and risk monitoring. They will work closely with IT
and security teams to automate processes, track compliance
requirements, and support audits and risk assessments within a
hybrid, multi-tenant infrastructure.

DEPARTMENT: IT Risk and Compliance

NORC's Information Technology program provides
technology services to our staff and clients. Given the critical
role technology plays in our day-to-day lives, we are committed to
providing professional, high-quality solutions in order to further
our collective goal of advancing social science research.

RESPONSIBILITIES:

ServiceNow GRC Administration & Optimization
- Lead the management, configuration, and optimization of
  ServiceNow GRC, ensuring alignment with security frameworks and
  regulatory requirements.
- Develop and automate workflows for compliance tracking, risk
  assessments, control monitoring, and audit management.
- Continuously improve and refine ServiceNow GRC functionalities to
  enhance efficiency and reporting.
- Provide training and support to internal teams on the use of
  ServiceNow GRC for compliance activities.

Security Compliance & Risk Management
- Conduct risk assessments and track compliance with FISMA, NIST
  800-53, HIPAA, and FedRAMP security controls.
- Maintain security documentation, including SSPs, CAPs,
  Contingency Plans, and other compliance artifacts.
- Perform continuous monitoring, identify security gaps, and
  recommend remediation strategies.
- Support internal and external audits, ensuring all required
  security evidence is collected and documented.

Collaboration & Communication
- Work closely with IT, security engineers, and external clients to
  ensure security controls are implemented and maintained.
- Communicate compliance requirements effectively to technical and
  non-technical stakeholders.

REQUIRED SKILLS:
- Bachelor’s degree in Management Information Systems, Computer
  Science, Business Administration, or related field (or equivalent
  experience).
- 2 years of experience in IT security, risk assessment, and
  compliance within a government contract environment.
- Extensive hands-on experience managing and configuring ServiceNow
  GRC.
- Security Certifications (one or more preferred): CISA, CISM,
  CRISC, CISSP, or SSCP.
- Strong knowledge of GRC/IRM systems for compliance tracking, risk
  management, and audit readiness.
- Experience in FedRAMP and FISMA, including security package
  development and control validation.
- Understanding of hybrid, multi-tenant infrastructure security,
  including network, server, database, and application security.
- Excellent verbal and written communication skills, with the
  ability to bridge technical and business perspectives.

SALARY AND BENEFITS: The pay range for this position
is $77,000 – $116,000. This position is classified as regular.
Regular staff are eligible for NORC’s comprehensive benefits
program. Benefits include, but are not limited to:
- Generously subsidized health insurance, effective on the first
  day of employment
- Dental and vision insurance
- A defined contribution retirement program, along with a separate
  voluntary 403(b) retirement program
- Group life insurance, long-term and short-term disability
  insurance
- Benefits that promote work/life balance, including generous paid
  time off, holidays; paid parental leave, bereavement leave,
  tuition assistance, and an Employee Assistance Program (EAP).

NORC’s Approach to Equity and Transparency

Pay and benefits transparency helps to reduce wage gaps. As part of
our commitment to pay equity and salary transparency, NORC includes
a salary range for each job opening along with information about
eligible benefit offerings. At NORC, we take a comprehensive
approach to setting salary ranges and reviewing raises and
promotions, which is overseen by a formal Salary Review Committee
(SRC).

WHAT WE DO: NORC at the University of Chicago is an
objective, non-partisan research institution that delivers reliable
data and rigorous analysis to guide critical programmatic,
business, and policy decisions. Since 1941, our teams have
conducted groundbreaking studies, created and applied innovative
methods and tools, and advanced principles of scientific integrity
and collaboration. Today, government, corporate, and nonprofit
clients around the world partner with us to transform increasingly
complex information into useful knowledge.

WHO WE ARE: For over 80
years, NORC has evolved in many ways, moving the needle with
research methods, technical applications and groundbreaking
research findings. But our tradition of excellence, passion for
innovation, and commitment to collegiality have remained constant
components of who we are as a brand, and who each of us is as a
member of the NORC team. With world-class benefits, a business
casual environment, and an emphasis on continuous learning, NORC is
a place where people join for the stellar research and analysis
work for which we’re known, and stay for the relationships they
form with their colleagues who take pride in the impact their work
is making on a global scale.

EEO STATEMENT: NORC is an equal
opportunity employer. NORC evaluates qualified applicants without
regard to race, color, religion, sex, gender, national origin,
disability, status as a protected veteran, sexual orientation, and
other legally protected characteristics.