Information Security Architect

• Designs and oversees the University's enterprise security architecture, ensuring alignment with research requirements, administrative operations, and educational technology needs.
• Develops and maintains security policies, standards, procedures, and guidelines that provide robust protection, ensure compliance with industry best practices and regulatory requirements, and meet the unique needs of an academic environment.
• Leads cross-functional teams to conduct in-depth information technology risk and compliance assessments for major IT initiatives.
• Monitors and assesses the effectiveness of existing security architecture, governance, and operations.
• Reviews and approves security designs for new projects and system changes.
• Provides strategic leadership and expert guidance on security trends, technologies, and services.
• Collaborates with stakeholders including researchers, administrative staff, and IT teams to understand requirements and provide solutions with appropriate security controls.
• Collaborates with higher education peers in identifying and sharing best practice solutions.
• Promotes information security awareness across the institution.
• Designs and oversees the information security and compliance monitoring infrastructure.
• Provides technical leadership for all phases of the incident response lifecycle.
• Monitors threat intelligence and emerging security trends to ensure the University's security posture remains robust and adaptive.
• Uses depth and breadth of IT expertise to develop and implement security and compliance policies, guidelines, and safe practices for university-wide computing and networking systems.
• Leads teams to conduct in-depth information technology risk assessments; makes recommendations and designs improvements to IT security procedures.
• Solves complex problems relating to user security needs and supports the implementation of procedures to accommodate them. Ensures that the user community understands and adheres to necessary procedures to maintain security.
• Performs other related work as needed.

• Bachelor’s degree in computer science, cybersecurity, information technology, or a relevant field.

• Three or more years of experience as an architect in information technology.

• Certification demonstrating broad security industry knowledge, such as CISSP or GSEC.
• Certification demonstrating expertise in a specific technology domain, such as security architecture or cloud computing.

• Expertise in common security frameworks and compliance standards, including NIST CSF, NIST 800-53, NIST 800-171, HIPAA, FedRAMP, and CMMC.
• Expertise in fundamental network and communication technologies including TCP/IP, HTTP, TLS, x.509, and DMARC.
• Analyze information provided by common security tools used to monitor networks, endpoints, cloud platforms, email security, and vulnerabilities.
• Create network diagrams, threat models, data flow diagrams, and related artifacts used for risk assessment and threat analysis.
• Understanding of the Secure Software Development Lifecycle.
• Understanding of native tools provided by AWS, Azure, and GCP for monitoring, management, and compliance.
• Understanding of common threat actor tools, techniques, and procedures.
• Understanding of all phases of security incident response.

• Diagnose complex technical problems.
• Work collaboratively and independently.
• Lead cross-functional teams.
• Handle multiple tasks and substantial deadline pressure.

• Office environment.
• Sit for 4 hours or more.
• Use computers extensively for 4 hours or more.
• Handle work outside of normal business hours on a scheduled or emergency basis.
• Occasional travel for training, conferences, or special events.

• Resume/CV (required)
• Cover Letter (required)

University of Chicago