Company: University of Chicago

Address: Michigan, United States
Category: Information Technology

Job description

Department
 

Provost Globus


About the Department
 

Globus (www.globus.org) is a sustainable, non-profit unit within The University of Chicago delivering solutions to the research community worldwide. Globus develops and provides critical services that support scientific research for governmental, academic, and commercial organizations in a wide range of disciplines including life sciences, physics, and astronomy. We develop and operate commercial-quality, cloud-based software application and platform services used by tens of thousands of researchers to manage their large and growing data management challenges. We have offices located at 401 North Michigan Avenue in the heart of downtown Chicago and remote employees who work from home. Globus, together with Globus Labs, a research group within the University of Chicago and part of the Data Science and Learning Division at Argonne National Labs, develops and deploys cutting-edge technologies to solve new challenges facing the scientific community and enable breakthrough scientific discoveries.


Job Summary
 

As the Governance, Risk, and Compliance Lead for Globus, you will spearhead the Unit's compliance endeavors, ensuring alignment with essential regulatory standards for both our products and operations. Globus offers a robust suite of capabilities for data and compute management, along with automation, serving researchers worldwide. Our offerings come in the form of a hosted service (SaaS) and platform (PaaS), utilizing a hybrid architecture, with management services hosted on Amazon Web Services (AWS).
Globus capabilities are offered for use with protected data and adhere to NIST 800-53 controls and the HIPAA Security Rule. In your capacity, you'll oversee the compliance program to uphold these standards, crafting and leading initiatives aimed at enhancing operational efficiency as we expand. Your focus will be on ensuring that we consistently meet our customers' compliance requirements while scaling our operations effectively. As the resident expert within the team, you'll manage security assessments, monitor compliance status, provide procedural guidance, implement security controls, and drive process improvement and maturity initiatives.
Beyond sustaining our current compliance framework, your role will involve leveraging your expertise and insights into the Globus customer base to advocate for and implement additional compliance standards in response to customer demand and market trends. This will entail conducting thorough gap analyses and collaborating with third-party vendors as necessary.
If you thrive in collaborative, innovative, mission-oriented environments, consider joining Globus where your skills and passion for compliance can make a meaningful impact on research worldwide!

Responsibilities

  • Leads implementation and maintenance of NIST risk management framework and 800-53 controls to manage security and privacy risks for the Unit.
  • Develops compliance strategy, and leads and executes various tasks based on that strategy, including development and maintenance of policies and procedures, system security plan, and plans of action and milestones.
  • Reviews technical procedures developed by the operations team, and ensures compliance with policies.
  • Supports the operations team in managing security incidents, generating reports, and serving as the primary liaison for communication with both internal and external stakeholders, in adherence to established policies.
  • Serves as Compliance Lead on internal and external assessments and audits.
  • Assists customers with security risk assessment of Globus products, and owns all customer communication on security and compliance.
  • Collaborates with the procurement team to review contract terms and data protection agreements pertaining to product and operational security. Ensures that contractual obligations are in line with the current operational standards of Globus.
  • Serves as a mentor to staff providing compliance and security consulting and awareness efforts, including engaging with the product team to analyze security of applications to provide risk recommendations.
  • Uses deep IT expertise to develop and implement security and compliance policies, guidelines, and safe practices for the unit.
  • Leads teams to conduct in-depth information technology risk assessments; makes recommendations and designs improvements to IT security procedures.
  • Performs other related work as needed.


Minimum Qualifications
 

Education:

Minimum requirements include a college or university degree in related field.

---
Work Experience:

Minimum requirements include knowledge and skills developed through 7+ years of work experience in a related job discipline.

---
Certifications:

Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium, SANS GIAC Certification - Global Information Assurance Certification

---

Preferred Qualifications

Experience:

  • Implementation of security or compliance frameworks such as HIPAA, NIST SP 800-53r5, NIST SP 800-171, or similar.

  • Maintaining security and compliance for production applications within cloud-based environments, with a preference for Amazon Web Services.

  • Proficiency in cybersecurity and compliance within higher education and/or government sectors.

  • Demonstrated experience in conducting information security audits or risk assessments.

  • Experience as a security and/or network engineer and/or in system administration.

Licenses and Certifications:

  • Relevant security certifications such as CISSP, CISM, CISA, CRISC, or compliance certifications, and/or SANS GIAC certification for technical knowledge (e.g. GWAPT, GPCS, GWEB).

Technical Skills or Knowledge:

  • Proven track record of managing Governance, Risk, and Compliance programs and supporting various compliance frameworks, including NIST RMF, SOC 1/SOC 2, HITRUST, HIPAA, and/or optionally FedRAMP.

  • Strong knowledge of information security risk management frameworks, such as NIST RMF, and compliance practices.

  • Demonstrated proficiency in administering intricate security controls and configurations for applications.

  • Well-versed in public cloud security and compliance best practices, particularly in supporting compliance for applications hosted on cloud platforms.

  • Expertise in AWS security controls and compliance resources.

  • Some familiarity with Governance, Risk, and Compliance tools and suites (e.g. Navex, LogicGate).

Preferred Competencies

  • Strong crisis management and leadership ability.

  • Work collaboratively with cross-functional teams, especially in an engineering and product environment, and build consensus across teams.

  • Enjoys solving complex and hard problems and can turn incomplete, conflicting, or ambiguous inputs into actionable plans.

  • Excellent verbal and written communication skills.

  • Strong analytical and problem solving skills.

  • Excellent organizational skills and constant attention to detail.

  • Work independently, and balance competing priorities. 

  • Weigh business needs against security concerns. 

Working Conditions

  • Occasional evening or weekend hours.

  • Option available for hybrid work with occasional required attendance at in-person meetings.

Application Documents

  • Resume/CV (required)


When applying, the document(s) MUST be uploaded via the My Experience page, in the section titled Application Documents of the application.


Job Family
 

Information Technology


Role Impact
 

Individual Contributor


FLSA Status
 

Exempt


Pay Frequency
 

Monthly


Scheduled Weekly Hours
 

37.5


Benefits Eligible
 

Yes


Drug Test Required
 

No


Health Screen Required
 

No


Motor Vehicle Record Inquiry Required
 

No


Posting Statement
 

The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender, gender identity, national or ethnic origin, age, status as an individual with a disability, military or veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination.

 

Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via Applicant Inquiry Form.

 

We seek a diverse pool of applicants who wish to join an academic community that places the highest value on rigorous inquiry and encourages a diversity of perspectives, experiences, groups of individuals, and ideas to inform and stimulate intellectual challenge, engagement, and exchange.

 

All offers of employment are contingent upon a background check that includes a review of conviction history. A conviction does not automatically preclude University employment. Rather, the University considers conviction information on a case-by-case basis and assesses the nature of the offense, the circumstances surrounding it, the proximity in time of the conviction, and its relevance to the position.

 

The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: http://securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.

Benefits

Career development, Health care
Refer code: 9193968. University Of Chicago - The previous day - 2024-05-04 16:07
