Information Security Risk Analyst

Job Location

Darien, IL - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Join a world-class academic healthcare system, UChicago Medicine, as an Information Security Risk Analyst in our Information Security department. This position will be primarily a work-from-home opportunity with the requirement to come onsite as needed. You will need to be based in the greater Chicagoland area.

The Information Security Risk Analyst is a key member within the Governance, Risk and Compliance team, supporting and executing the information security and risk management strategy for the University of Chicago Medicine. The analyst will conduct risk analysis on information systems, platforms and processes in accordance with established regulations and organizational standards. The analyst will assist in identifying, assessing, tracking, reporting and supporting the mitigation of information security risks across the organization. This position plays a key role in ensuring the organization's adherence to HIPAA, NIST and other healthcare cybersecurity regulations and frameworks. The analyst will work closely with internal stakeholders, IT Partners and third-party stakeholders to ensure risks are identified, documented, mitigated and aligned with regulatory and policy requirements to promote a risk-aware culture and safeguard patient and institutional data. The role supports the continuous improvement of the organization's risk management program and provides insights for strategic decision-making. The ideal candidate will have a strong understanding of security frameworks, risk assessment methodologies, risk assessments, risk register, management of audit and penetration testing findings, and monitoring of regulatory developments, while promoting a culture of risk awareness.

Essential Job Functions

  • Conduct comprehensive information security risk analysis for IT assets, applications, processes, medical devices and third-party vendors.
  • Evaluate threats and vulnerabilities affecting the confidentiality, integrity and availability of electronic protected health information (ePHI) and any other confidential or sensitive information, ensuring alignment with HIPAA Security Rule requirements and other applicable regulatory frameworks (e.g., NIST).
  • Support risk management initiatives based on analysis outcomes, including the development and maintenance of the organization's risk register and scoring methodology.
  • Assist in managing penetration testing findings and internal audit findings, and collaborate with key IT Partners and stakeholders to ensure timely resolution of identified risks.
  • Monitor regulatory changes and industry threats to proactively identify emerging risks, recommend appropriate mitigation strategies and document findings.
  • Work with stakeholders to implement and verify risk treatment actions.
  • Participate in risk acceptance processes and provide input to governance committees or leadership on risk posture and exceptions.
  • Assist in the development and improvement of policies, procedures and technical documentation related to cybersecurity risk management.
  • Help enhance the organization's cybersecurity awareness and training efforts by communicating risk insights to technical and non-technical audiences.
  • Other duties as assigned.

Required Qualifications

  • Bachelor's degree in Information Security, Computer Science, Engineering, Information Technology or a related field
  • 12 years of experience in information security risk management, preferably in a healthcare environment
  • Knowledge of IT risk analysis, auditing and/or information security practices
  • Understanding of regulatory compliance and industry best practices towards maintaining compliance with HIPAA, NIST and other relevant healthcare regulations and standards
  • Ability to conduct thorough cybersecurity risk assessments
  • Ability to prepare both executive and detailed reports on risk findings and status
  • Ability to develop remediation plans and guide technology departments with remediation strategy
  • Ability to build positive team relationships with all levels of the enterprise and across a diverse set of departments
  • Ability to plan and execute project plans, risk tracking and documentation
  • Ability to learn quickly and work effectively in a team environment
  • Knowledge and ability to integrate cybersecurity risk management with business operations, healthcare delivery and IT services
  • Effective oral and written communication skills and interpersonal skills, with the ability to translate technical risk into business-relevant language
  • Ability to understand and work with healthcare professionals, educators and researchers
  • One or more of the following security certifications are preferred at the time of hire or must be obtained within 2 years of hire: CompTIA Security+, CC, CRISC, CISM or any other applicable certification

Preferred Qualifications

  • Master's degree

Position Details

  • Job Type/FTE: Full Time (1.0 FTE)
  • Shift: Days
  • Location: Flexible (Hyde Park; Darien)
  • Unit/Department: Information Security Office
  • CBA Code: Non-Union

Why Join Us

We've been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment, with patients and with each other. We're in this together: working to advance medical innovation, serve the health needs of the community and move our collective knowledge forward. If you'd like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we're doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Must comply with UChicago Medicine's COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening and background check are also required for all employees prior to hire.

Compensation & Benefits Overview

UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.

The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience, and organizational considerations such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.

Review the full complement of benefit options for eligible roles at Benefits UChicago Medicine.


Required Experience:

IC

Employment Type

Full-Time
