The Center for Translational Data Science at the University of Chicago is a research center pioneering the discipline of translational data science to advance biology, medicine, and environmental research. We architect ecosystems of large-scale commons of research data, computing resources, applications, tools, and services for the broader research community to use data at scale to pursue scientific inquiry and accelerate discovery. These growing data commons offer petabytes of rich research data to scientists across the world.
The job uses best practices and knowledge of to develop and implement information security and identity management solutions. Guides teams to deploy new technologies and manage existing security infrastructure as well as respond to cyber security incidents. Anticipates risks to the organization and leads security penetration testing and security awareness outreach.
This at-will position is wholly or partially funded by contractual grant funding which is renewed under provisions set by the grantor of the contract. Employment will be contingent upon the continued receipt of these grant funds and satisfactory job performance.
Development of diverse and impactful risk metrics.
Monitor and manage compliance of implemented enterprise information security controls.
Lead and conduct risk analysis, assessments, and security audits using internal solutions and third-party vendor partners.
Identify, implement, monitor, and lead enforcement of information security compliance, regulatory, and control frameworks.
Provide Information Security consulting and security awareness education.
Improve, monitor, and coordinate Third Party Vendor Risk Management activities.
Conduct research on information security best practices, solutions, and strategies.
Develop, maintain, and lead enforcement of strong information security policy, procedures, standards, and position papers.
Develop, maintain, and lead enforcement of strong security governance of all Information Security strategy and operational process.
Plan and review annually the risks influencing the effectiveness of information security, privacy, and information security risk management.
Represent Information Security and foster positive collaboration amongst CTDS peers, University departments, agency sponsors, and organizational partners.
Uses a deep understanding of IT expertise to develop and implement security and compliance policies, guidelines, and safe practices for university-wide computing and networking systems.
Leads teams to conduct in-depth information technology risk assessments; makes recommendations and designs improvements to IT security procedures.
Guides communications with users to understand their security needs and supports the implementation of procedures to accommodate them. Ensures that user community understands and adheres to necessary procedures to maintain security.
Performs other related work as needed.
Minimum requirements include a college or university degree in related field.
Minimum requirements include knowledge and skills developed through 5-7 years of work experience in a related job discipline.
5-7 years business/technical/information security/risk compliance experience.
Experience in information security risk analysis, auditing, compliance, policies, and overall governance and communication.
Demonstrated success implementing Information Security control frameworks and standards such as ITIL, CIS Top 20, SOC 2, GDPR, NIST CSF / 800-53, FISMA, and FedRAMP.
Strong knowledge of audit and risk management methodologies, such as COBIT, NIST 800-37/800-30, FAIR.
Experience with GRC, IAM, and risk management tools and solutions.
Experience with information security tools and solutions.
CISA, CRISC, GIAC, CISM, or CISSP certifications.
Knowledge of hybrid IT systems, networking, and cloud environments (AWS, Google, etc.).
Ability to respond to changing priorities and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.
Ability to weigh Center, partner, and agency needs against security and risk tolerance.
Ability to conceptualize a course of action and to organize for the successful completion of that action, often under tight deadlines.
Ability to present information in a consistent and concise manner.
Strong written and verbal communication skills and ability to foster collaborative working relationships.