Risk and Compliance Manager

A global higher education leader in innovative teaching, research and public service, the University of North Carolina at Chapel Hill consistently ranks as one of the nation's top public universities. Known for its beautiful campus, world-class medical care, commitment to the arts and top athletic programs, Carolina is an ideal place to teach, work and learn.

One of the best college towns and best places to live in the United States, Chapel Hill has diverse social, cultural, recreation and professional opportunities that span the campus and community.

University employees can choose from a wide range of professional training opportunities for career growth, skill development and lifelong learning and enjoy exclusive perks for numerous retail, restaurant and performing arts discounts, savings on local child care centers and special rates on select campus events. UNC-Chapel Hill offers full-time employees a comprehensive benefits package, paid leave, and a variety of health, life and retirement plans and additional programs that support a healthy work/life balance.

The Information Security & Identity Management division manages the University's Information Security Office and Identity Management. The Security Office is responsible for coordinating and ensuring that information security across the University is consistent with industry best practices and the University's compliance obligations. Identity Management (IdM) identifies individuals within an enterprise or group and defines and controls the access they have to information and resources within a computer network based on their roles and circumstances.

This position is a 100% remote work arrangement, consistent with System Office policy. UNC Chapel Hill employees are generally required to reside in North Carolina, within a reasonable commuting distance of their assigned duty station.

Information security at UNC Chapel Hill is building a program capable of meeting the institution's security challenges of tomorrow. We seek a Manager of the Risk and Compliance team. Engaging with faculty and staff across all parts of the University, this team is responsible for assessing whether technology meets institutional and external security requirements, evaluating options when the default controls cannot be implemented, maintaining several critical cybersecurity compliance programs, and providing security consultations for departments and major initiatives.

Working under minimal supervision, the Manager is responsible for delivering scalable, effective solutions to meet security program goals. The Manager represents the Information Security Office within the University when discussing risk and compliance topics. The Manager coordinates work necessary to deliver our HIPAA, PCI, and Research Security (e.g., NIST 800-171, NIST 800-53, CMMC, others) compliance program outcomes. The Manager collaborates with other Information Security Office teams, such as Detection and Response, in order to update Risk methods and recommend changes to University policy. The Manager provides support and guidance for the professional development of the Risk and Compliance security analysts. The Manager also participates in security program planning, prioritization, and preparation of periodic updates to our Board of Trustees.

Masters' and 2-4 years' experience; or Bachelors and 3-5 years' experience; or will accept a combination of related education and experience in substitution.

The University is an equal opportunity employer and welcomes all to apply without regard to age, color, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, or sexual orientation. We encourage all qualified applicants to apply, including protected veterans and individuals with disabilities.