Information Security Risk Analyst - Intermediate

Job Location: Darien, IL - USA

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Join a world-class academic healthcare system, UChicago Medicine, as an Information Security Risk Analyst - Intermediate in our Information Security and Privacy GRC department. This position will be primarily a work-from-home opportunity with the requirement to come onsite as needed. You will need to be based in the greater Chicagoland area.

The Information Security Risk Analyst - Intermediate plays a critical role within the Governance, Risk, and Compliance (GRC) team in executing and enhancing the organization's information security risk management program. The analyst will independently conduct risk analysis on information systems, platforms, and processes in accordance with established regulatory requirements, organizational policies, and industry standards. The analyst will lead and contribute to the identification, assessment, documentation, mitigation, and communication of information security risks across the organization.

This position supports risk-driven decision-making by collaborating with stakeholders, managing risk treatment plans, and ensuring compliance with HIPAA, NIST, and other applicable healthcare cybersecurity regulations and frameworks. The analyst is expected to operate with moderate independence, assist in maturing risk workflows, and contribute to strategic improvements in governance, risk, and compliance activities.

The ideal candidate will have a strong understanding of security frameworks, risk assessment methodologies, risk assessments, risk registers, and the management of audit and penetration testing findings. The ideal candidate should be adept at monitoring regulatory developments while promoting a culture of risk awareness across the organization.

Essential Job Functions

  • Lead and conduct comprehensive information security risk analysis for IT assets, applications, processes, medical devices, and third-party vendors.
  • Evaluate threats and vulnerabilities affecting the confidentiality, integrity, and availability of electronic protected health information (ePHI) and any other confidential or sensitive information, ensuring alignment with HIPAA Security Rule requirements and other applicable regulatory frameworks (e.g., NIST).
  • Lead and manage risk management initiatives based on analysis of outcomes, including maintaining the organization's risk register and scoring methodology.
  • Oversee corrective action plans (CAPs), penetration testing results, audit findings, and risk treatment outcomes.
  • Collaborate with IT partners and key stakeholders to prioritize, implement, and track remediation efforts.
  • Monitor regulatory changes and industry threats to proactively identify emerging risks, recommend mitigation strategies, and document findings.
  • Contribute to risk reporting, including executive dashboards, and participate in risk acceptance processes and governance reviews.
  • Contribute to the development, review, and improvement of cybersecurity policies, standards, and procedures.
  • Evaluate policy exceptions and assist in documenting decisions for governance committees.
  • Enhance the organization's cybersecurity awareness and training efforts by communicating risk insights to technical and non-technical audiences.
  • Other duties as assigned

Required Qualifications

  • Bachelor's degree in Information Security, Computer Science, Engineering, Information Technology, or a related field; master's degree preferred
  • 3 years of experience in cybersecurity, information security risk management, audit; healthcare industry experience strongly preferred
  • Demonstrated experience with risk assessment methodologies, auditing information security practices, and familiarity with risk management platforms and risk registers
  • Strong understanding of regulatory compliance and industry best practices towards maintaining compliance with HIPAA, NIST, and other relevant healthcare regulations and standards
  • One or more of the following certifications are or must be obtained within 12 months of hire: CRISC, CISM, CISA, or any other applicable certification
  • Ability to lead and structure risk assessments with limited supervision
  • Ability to manage multiple concurrent assessments and projects in a fast-paced healthcare setting
  • Experience preparing both detailed technical risk reports and executive-level summaries tailored to varied audiences to support informed decision-making and governance oversight
  • Ability to build strong cross-functional relationships and collaboration across departments, including IT, Legal, Compliance, Clinical Operations, and Privacy, to support a collaborative approach to risk management and governance
  • Strong written and verbal communication and interpersonal skills, including ability to translate technical findings into business-relevant language for leadership audiences
  • Experience tracking audit findings, third-party vendor risks, and remediation efforts
  • Familiarity with security platforms and tools
  • Ability to analyze contractual security language to identify risk exposure and recommend controls
  • Ability to learn quickly and work effectively in a team environment
  • Ability to understand and work with healthcare professionals, educators, and researchers
  • Ability to integrate cybersecurity risk management with business operations, healthcare delivery, and IT services

Position Details

  • Job Type/FTE: Full Time
  • Shift: Days
  • Location: Flexible (Hyde Park; Darien)
  • Unit/Department: Information Security Office
  • CBA Code: Non-Union

Why Join Us

We've been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent, and commitment with patients and with each other. We're in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you'd like to add "enriching human life" to your profile, UChicago Medicine is for you. Here at the forefront, we're doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status, and other legally protected characteristics.

Must comply with UChicago Medicine's COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening, and background check are also required for all employees prior to hire.

Compensation & Benefits Overview

UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.

The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.

Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.


Required Experience: IC

Employment Type: Full-Time
