Job Details

This ad is expired.
Northeastern University
  • Position Number: 1993543
  • Location: Boston, MA
  • Position Type: Business - Finance

Information Security Risk Manager and Compliance Manager

About Northeastern:
Founded in 1898, Northeastern is a global research university and the recognized leader in experience-driven lifelong learning. Our world-renowned experiential approach empowers our students, faculty, alumni, and partners to create impact far beyond the confines of discipline, degree, and campus.

Our locations (in Boston; Charlotte, North Carolina; London; Portland, Maine; San Francisco; Seattle; Silicon Valley; Toronto; Vancouver; and the Massachusetts communities of Burlington and Nahant) are nodes in our growing global university system. Through this network, we expand opportunities for flexible, student-centered learning and collaborative, solutions-focused research.

Northeastern's comprehensive array of undergraduate and graduate programs, in a variety of on-campus and online formats, lead to degrees through the doctorate in nine colleges and schools. Among these, we offer more than 195 multi-discipline majors and degrees designed to prepare students for purposeful lives and careers.

About the Opportunity:
The Risk and Compliance Manager will lead the strategic design, development, and implementation of a comprehensive risk management and compliance program in support of the university's mission, partnering with teams in information technology services and across the university to manage security, privacy, and regulatory risks to the university and its constituents.

The right individual for this role will have the ability to build and lead successful teams, experience with a variety of compliance frameworks, proficiency in technical concepts, and the ability to manage complex projects. The Risk and Compliance Manager reports to the Chief Information Security Officer.

Develop a digital risk vision and strategy that enables and facilitates the university's business objectives and ensure senior stakeholder buy-in; conduct in-depth technology risk assessments including identifying and documenting controls, identifying potential gaps and making sound recommendations for improvement and/or mitigation; work with internal and external auditors, assessors, and outside consultants on security assessments and audits, ensuring findings are remediated appropriately and in a timely manner.

Support university research operations to ensure compliance with regulations, policies, and contract terms

Implement and manage a vendor risk management program; review third party vendor contracts to ensure appropriate security and compliance controls are in place and functioning effectively

Develop and maintain a document framework of continuously up-to-date risk policies, standards and guidelines; oversee the approval and publication of risk policies

Create and manage a targeted digital risk awareness-training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this digital risk training program for the different audiences

  • Bachelor's degree or equivalent work experience
  • Seven years of professional IT experience, preferably building or operating programs to mitigate risks around security, confidentiality, integrity, availability, and privacy
  • One to three years of management experience
  • Knowledge of information security risk management frameworks and compliance practices, including common security standards and regulations relating to a higher education environment (e.g., PCI DSS, FERPA, NIST, etc.)
  • Experience developing and maintaining policies, procedures, standards and guidelines
  • Ability to assess computer systems and business processes for security risks or violations and work with ITS and campus staff and technology vendors to recommend solutions
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience
  • Strong customer service orientation
  • Ability to work with minimal supervision
  • Information security related training or certifications, such as CISA, CISSP, CCSK, CIPP, or CRISC preferred
  • Experience in higher education preferred

Preferred Qualifications:

  • Bachelor's degree
  • Information security or risk management experience in higher education
  • Experience with federal security standards such as FedRAMP and FISMA

Salary Grade:

Additional Information:
A criminal background check is required for this opening.

Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.

All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.

To learn more about Northeastern University's commitment and support of diversity and inclusion, please see

To apply, visit
