Senior Compliance Analyst

Department

Provost Globus Compliance

About the Department

Globus (www.globus.org) is a sustainable, non-profit unit within The University of Chicago delivering solutions to the research community worldwide. Globus develops and provides critical services that support scientific research for governmental, academic, and commercial organizations in a wide range of disciplines including life sciences, physics, and astronomy. We develop and operate commercial-quality, cloud-based software application and platform services used by 10s of thousands of researchers to manage their large–and growing–data management challenges. We have offices located at 455 N. Cityfront Plaza Drive in the heart of downtown Chicago and remote employees who work-from-home. Globus, together with Globus Labs, a research group within the University of Chicago, and part of the Data Science and Learning Division at Argonne National Labs, develop and deploy cutting edge technologies to solve new challenges facing the scientific community and enable break-through scientific discoveries.

Job Summary

As a Sr. Compliance Analyst you will join our growing Governance, Risk, and Compliance team and play a key role in supporting the continued development and maturation of the Globus Compliance program.

In this role, you will have opportunities to own, drive, and support a variety of compliance efforts, for example, managing internal and external compliance assessments and audits, tracking of compliance documentation and evidence, responding to customer requests for security and compliance information, development and implementation of policies and procedures, and development and delivery of training and awareness materials.

You will leverage your previous experience in and knowledge of information security, IT, and/or GRC programs to ensure Globus systems, operations, and business processes comply with a wide-range of evolving frameworks and regulations, including NIST RMF, HIPAA, and GDPR and to provide recommendations for continued improvement of the Compliance program.

An ideal candidate thrives in collaborative, innovative, mission-oriented environments and has a strong desire to build bridges across teams to support compliance initiatives. They are enthusiastic about the Governance, Risk, and Compliance domain and desire to remain engaged in the constantly changing compliance and regulatory landscape. They seek to bring new and innovative solutions and ideas to a growing compliance program.

If that sounds like you, consider joining Globus where your skills and passion for compliance can make a strategic and meaningful impact on research worldwide!

Responsibilities

• Drive internal and external audits by gathering, organizing, and preparing compliance documentation and artifacts.

• Track and manage requirements, deadlines, and Plan of Action and Milestones for projects within the Compliance Program.

• Keep abreast of changes to Globus products and underlying technologies to facilitate compliance at a technical level.

• Assess and validate Globus systems and processes to ensure compliance with framework and regulatory requirements.

• Lead risk management initiatives by identifying and categorizing risks to the Globus organization and its systems and processes.

• Ensure continued improvement of compliance documentation by organizing, reviewing, modifying, and updating policies, procedures, and system security and privacy plans as necessary.

• Support the ongoing development of Globus’ change management program by tracking and validating change management requests and processes.

• Create effective security training and awareness materials.

• Educate Globus teams about compliance framework requirements and implementation.

• Develop and own projects that facilitate Globus’ compliance with relevant regulatory frameworks.

• Use a deep understanding of IT expertise to develop and implement security and compliance policies, guidelines, and safe practices for university-wide computing and networking systems.

• Lead teams to conduct in-depth information technology risk assessments; make recommendations and design improvements to IT security procedures.

• Perform other related work as needed.

Minimum Qualifications

Education:

Minimum requirements include a college or university degree in related field.

Work Experience:

Minimum requirements include knowledge and skills developed through 5-7 years of work experience in a related job discipline.

Certifications:

---

Preferred Qualifications

Experience:

• Prior work experience in an information assurance or GRC related job discipline (e.g. cybersecurity governance, policy analysis, risk management, security operations, or other security and compliance roles).

• Proven in-depth understanding of relevant compliance and regulatory frameworks, such as NIST RMF, NIST CSF, NIST SP 800-53, NIST SP 800-171, HIPAA Security Rule, ISO 27K, SOC 2 Type II, CMMC, HITRUST, FedRAMP, etc.

• Experience assessing security and compliance controls for systems in a cloud-based environment (AWS, GCP, Azure).

• Prior experience driving and contributing to internal or external cybersecurity and compliance assessments or audits.

• Experience creating, reviewing, and managing compliance documents, including policies and procedures, system security plans, risk registers, and POAMs.

• Experience creating and/or delivering compliance training.

• Experience in higher education, government or other regulated industries.

• Experience working with version control systems, especially git and GitHub.

• Additional professional or technical cybersecurity certifications (e.g. CompTIA Security+, ISACA CISA, ISACA CRISC, ISACA CISM, ISC2 CISSP).

Preferred Competencies

• Excellent written and verbal communication skills and the ability to communicate effectively to various audiences.

• Strong analytical, organizational, and problem solving skills with ability to turn incomplete or ambiguous inputs into actionable plans.

• Positive attitude and commitment to continuous growth and development.

• Excellent attention to detail.

• Collaborative mindset with a strong desire to build bridges across teams.

• Knowledge of core cybersecurity concepts and best practice.

• Ability to shift day-to-day priorities while keeping focused on long-term goals and objectives.

• Ability to quickly learn new technologies.

• Demonstrated ability to take on smaller projects and drive to completion.

• Demonstrated ability to balance business and security concerns.

Working Conditions

• Occasional evening or weekend hours.

• Option available for remote  work with occasional required attendance at in-person meetings.

Application Documents

• Resume (required)

Job Family

Information Technology

Role Impact

Individual Contributor

Scheduled Weekly Hours

37.5

Drug Test Required
 

No

Health Screen Required
 

No

Motor Vehicle Record Inquiry Required
 

No

Pay Rate Type

Salary

​
FLSA Status

Exempt

​
Pay Range

$100,000.00 - $140,000.00

The included pay rate or range represents the University’s good faith estimate of the possible compensation offer for this role at the time of posting.

Benefits Eligible

Yes

The University of Chicago offers a wide range of benefits programs and resources for eligible employees, including health, retirement, and paid time off. Information about the benefit offerings can be found in the Benefits Guidebook.

Posting Statement
 

The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender, gender identity, national or ethnic origin, age, status as an individual with a disability, military or veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination.

 

Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via Applicant Inquiry Form.

 

We seek a diverse pool of applicants who wish to join an academic community that places the highest value on rigorous inquiry and encourages a diversity of perspectives, experiences, groups of individuals, and ideas to inform and stimulate intellectual challenge, engagement, and exchange.

 

All offers of employment are contingent upon a background check that includes a review of conviction history.  A conviction does not automatically preclude University employment.  Rather, the University considers conviction information on a case-by-case basis and assesses the nature of the offense, the circumstances surrounding it, the proximity in time of the conviction, and its relevance to the position.

 

The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: http://securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.