Department: Information Security Office
Salary/Grade: ITS/79
Job Summary:
The Information Security Risk and Compliance Analyst uniquely combines a technical understanding of information security risks and possible mitigations with a partnership role, serving as a resource to the broader Northwestern community on information security risk evaluation and technology-related compliance requirements. This includes, but is not limited to: cybersecurity risk consulting, risk reporting and assignment, technology purchase analysis and contract management, policy exception risk evaluation, as well as participating in other Information Security projects related to risk and compliance. This position will collaborate with other areas of Northwestern University Information Technology, distributed IT, and the broader university community.
Specific Responsibilities:
- Performs Information Security third-party due diligence and risk assessments, including contract reviews and third-party risk management
- Investigates Information Security compliance matters, including regulatory requirements, third-party data breaches, and supply-chain vulnerabilities
- Assists with policy exception processes and maintenance of the University's information security risk register
- Reviews existing practices and policies and assists with developing protocols for implementing cybersecurity controls, solutions, and capabilities
- Promotes compliance and risk-based controls prioritization; consults with University Risk Management and Compliance as well as other strategic partners from across Northwestern on IT-related risks, requirements, policies, and standards
- Drafts and reviews documentation such as analysis of technical, administrative, or procedural risk and compliance issues; procedural documentation/playbooks; and team documentation
- Consults with faculty and researchers on the development of technology control plans and grant proposals, as well as the fulfillment of cybersecurity risk and compliance requirements for grants and contracts
- Collaborates with other information security staff as needed for incident remediation or security incident investigations
Miscellaneous:
Performs other duties as assigned.
Minimum Qualifications:
- Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree; OR appropriate combination of education and experience
- 2+ years of experience in information technology, information security, risk management, compliance auditing, data governance or closely related field
- Experience working with policies and standards based on recognized industry frameworks (e.g. NIST, ISO, COBIT)
- Strong oral and written communication skills
- Ability to weigh business needs against security risk and compliance concerns and articulate issues to the user community
- Experience in the systems/technologies/frameworks below:
  - Risk registers
  - Third-party risk management systems
  - Vendor contract review and management
  - Regulatory frameworks: FERPA, HIPAA/HITECH, NIST 800-171, NIST 800-53
Preferred Qualifications:
- Experience in a higher education environment
- Experience in a large-scale research environment
- Experience managing legal contracts and/or licenses
- Experience with GRC/DLP toolsets and/or advanced compliance policy platforms (such as Microsoft Purview)
- Experience developing or editing information security policies, information security governance, or risk and compliance governance
- Security or technology industry certifications (e.g. CISSP, SANS, CISA, CRISC, or similar)
- Demonstrated ability to collaborate positively and effectively with diverse constituencies
Target hiring range for this position will be between $80,297-$92,000 per year. Offered salary will be determined by the applicant's education, experience, knowledge, skills and abilities, as well as internal equity and alignment with market data.
Benefits:
At Northwestern, we are proud to provide meaningful, competitive, high-quality health care plans, retirement benefits, tuition discounts and more! Visit us at https://www.northwestern.edu/hr/benefits/index.html to learn more.
Work-Life and Wellness:
Northwestern offers comprehensive programs and services to help you and your family navigate life's challenges and opportunities, and adopt and maintain healthy lifestyles.
We support flexible work arrangements where possible and programs to help you locate and pay for quality, affordable childcare and senior/adult care. Visit us at https://www.northwestern.edu/hr/benefits/work-life/index.html to learn more.
Professional Growth & Development:
Northwestern supports employee career development in all circumstances whether your workspace is on campus or at home. If you're interested in developing your professional potential or continuing your formal education, we offer a variety of tools and resources. Visit us at https://www.northwestern.edu/hr/learning/index.html to learn more.
Northwestern University is an Equal Opportunity Employer and does not discriminate on the basis of protected characteristics, including disability and veteran status. View Northwestern's non-discrimination statement. Job applicants who wish to request an accommodation in the application or hiring process should contact the Office of Civil Rights and Title IX Compliance. View additional information on the accommodations process.