IT Risk and Compliance Specialist - Hybrid Chicago Loop Office or Remote

About The Position

Requirements

• Bachelor’s Degree in Management Information Systems, Computer Science, Business Administration, or a related field. Or equivalent experience in IT security, risk, or compliance may be considered.
• Current certifications in IT security compliance, such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
• Minimum of 6+ years of experience in IT security auditing, risk assessment, or compliance, with a primary focus on government security frameworks and contracts.
• Proven expertise in auditing IT systems for compliance with security frameworks, including preparing and reviewing System Security Plans (SSPs), Corrective Action Plans (CAPs), and Contingency Plans.
• Proficiency in Governance, Risk, and Compliance (GRC) or Information Risk Management (IRM) systems, with a track record of managing compliance across multiple frameworks, including FedRAMP, NIST, and ISO standards.
• Deep knowledge of information security protocols across infrastructure layers, including networks, servers, databases, and applications, with hands-on experience in advanced security assessment techniques.
• Experience managing compliance in hybrid and multi-tenant infrastructures, with strong familiarity with privacy regulations such as GDPR, CCPA/CPRA, and the HIPAA Privacy Rule.
• Extensive experience in the implementation and oversight of frameworks such as FedRAMP, CMMC, NIST 800-171, ISO 27001, and HITRUST.
• Qualified applicants must be eligible to work in the U.S. We regret that we are unable to offer visa sponsorship for this position.

Responsibilities

• Lead comprehensive internal and external IT compliance audits, ensuring alignment with critical security standards such as FedRAMP, CMMC, NIST 800-171, and ISO 27001.
• Execute in-depth risk assessments and security impact analyses of information systems, identifying potential vulnerabilities and proposing mitigation strategies.
• Develop, review, and manage key audit documentation, including the creation of corrective action and remediation plans to address identified deficiencies.
• Oversee and ensure continuous compliance with contract requirements, with a focus on tracking and reporting the progress of Corrective Action Plans (CAPs).
• Collaborate closely with Security Engineers and stakeholders to remediate compliance issues, ensuring alignment with regulations such as FISMA, Section 508, NIST SP 800-53, HITRUST, and HIPAA Security & Privacy standards.
• Design, implement, and optimize policies, procedures, and automated processes for compliance in hybrid and multi-tenant infrastructures.
• Provide mentorship and strategic guidance to IT teams, translating complex regulatory requirements into actionable technical steps for seamless compliance execution.
• Foster strong, collaborative relationships with NORC’s research community and other key stakeholders, facilitating a culture of compliance and security.

Benefits

• Generously subsidized health insurance, effective on the first day of employment
• Dental and vision insurance
• A defined contribution retirement program, along with a separate voluntary 403(b) retirement program
• Group life insurance, long-term and short-term disability insurance
• Benefits that promote work/life balance, including generous paid time off, holidays; paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP).