IT Security Engineer

JOB SUMMARY: This position is responsible for planning, designing, implementing, consulting, and supporting the technologies and processes supporting the IT Security, Risk, and Compliance program. Provide risk assessment and remediation to enhance the confidentiality, integrity, and availability of all NORC infrastructure, systems and applications. Provide ongoing security and compliance consultation and education for the end user community as well as IT teams and management. Mentor and provide guidance to less experienced personnel. DEPARTMENT: IT Security

NORC's Information Technology program provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research.​

RESPONSIBILITIES:

• Assess, gather, and evaluate client application requirements and complete security impact analysis as well as provide security requirements.
• Validate technical controls are designed and implemented to protect NORC digital assets.
• Provide consulting as it relates to IT Security such as controls, protocols, or best practices
• Implement, operate and monitor security tools in a multi-cloud, SaaS/PasS, and hybrid environment
• Monitor security advisory groups to ensure all necessary security updates, patches and preventive measures are in place.
• Monitor security protections for NORC infrastructure, systems and applications.
• Assess, gather, and evaluate client application requirements and complete security impact analysis as well as provide security requirements.
• Collaborate with implementation and development teams to ensure secure software development practices are being followed.
• Prepare reports for management on security status, incidents, and improvement recommendations.
• Stay updated on the latest security trends, threats, and technology solutions.
• Supporting the maintenance of compliant security programs.
• Collaborate with teams to solve security and IT related issues.

REQUIRED SKILLS:

• 7 years professional experience in technology, IT security, risk assessment, or compliance in a hybrid, multi-tenant and multi-cloud environment.
• Understanding and interpreting of requirements in NIST 800-53, FedRAMP, NIST 800-171, ISO 27001 and other relevant frameworks.
• Requires previous experience working in a security administration role with related duties such as system hardening, development of audit reports, creating secure baseline device configurations and conducting penetration testing.
• Subject matter expertise in security and identity management.
• Certification in cloud security or information security.
• Strong verbal and written communication skills.

SALARY AND BENEFITS:

The pay range for this position is $110,000 -$165,000.

This position is classified as regular. Regular staff are eligible for NORC’s comprehensive benefits program. Benefits include, but are not limited to:  

• Generously subsidized health insurance, effective on the first day of employment 

• Dental and vision insurance  

• A defined contribution retirement program, along with a separate voluntary 403(b) retirement program  

• Group life insurance, long-term and short-term disability insurance 

• Benefits that promote work/life balance, including generous paid time off, holidays; paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP). 

 NORC’s Approach to Equity and Transparency  

Pay and benefits transparency helps to reduce wage gaps. As part of our commitment to pay equity and salary transparency, NORC includes a salary range for each job opening along with information about eligible benefit offerings. At NORC, we take a comprehensive approach to setting salary ranges and reviewing raises and promotions, which is overseen by a formal Salary Review Committee (SRC). 

WHAT WE DO:

NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge.

WHO WE ARE:

For over 80 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which we’re known and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale.

EEO STATEMENT: 

NORC is an affirmative action, equal opportunity employer that values and actively seeks diversity in the workforce. NORC evaluates qualified applicants without regard to race, color, religion, sex, national origin, disability, status as a protected veteran, sexual orientation, gender identity, and other legally protected characteristics.