Information Security Analyst, Governance, Risk, and Compliance

Job#: 3020974

Job Description:

Job Title: Governance, Risk & Compliance (GRC) Security Analyst (Hybrid)

• Department/Unit: Center for Translational Data Science (CTDS)
• Reports To: GRC Lead (with moderate direction)
• Work Location: 5841 S Maryland Avenue, Chicago, IL 60637
• Work Schedule: 40 hours/week | 8:30 AM - 5:00 PM (30-minute lunch)
• Hybrid Schedule: Onsite Tuesdays / Remote Monday, Wednesday-Friday
• Start Date: ASAP
• End Date: 7/30/2027 (term appointment as currently structured)

About the Center for Translational Data Science (CTDS)

• CTDS is seeking an experienced, organized, and self-driven professional who is passionate about Governance, Risk, and Compliance (GRC), cybersecurity, and operational excellence. This role supports secure research collaborations by strengthening security practices across hybrid environments and contributing to a culture of risk awareness and continuous improvement.
• You'll join a team that values thoughtful security guidance, clear communication, and staying current on emerging threats and evolving compliance expectations. The ideal candidate is a well-rounded practitioner who can move beyond administrative tasks to provide meaningful security insight and support cross-functional teams.

Role Summary

• As a GRC Security Analyst, you will coordinate and support security governance, risk, and compliance initiatives under the guidance of the GRC Lead. You will help maintain compliance documentation and evidence, support audits and remediation activities, and work with engineers, researchers, and administrators to implement controls and strengthen CTDS security posture.
• With moderate direction, you will perform procedures necessary to help ensure information system safety, monitor activity and potential threats, assist with risk assessments, and support changes to security processes and systems.

Key Responsibilities

• In this role, you will:
• Coordinate and support GRC projects and controls implementation under the guidance of the GRC Lead
• Prepare, track, and maintain project documentation, compliance artifacts, and audit evidence
• Facilitate internal and external audits, including evidence collection and remediation support (e.g., POA&Ms)
• Collaborate closely with engineers, researchers, and administrators to promote a culture of compliance
• Communicate security and compliance requirements in clear, accessible language and explain policies effectively
• Assist with risk register maintenance, basic threat modeling, and risk assessments across hybrid environments
• Monitor for fundamental risks (e.g., phishing attempts) and support proper handling of sensitive data (PII, PHI, CUI)
• Support compliance-aligned practices under guidelines and standards such as HIPAA, GDPR, FISMA, and NIST
• Support review and documentation of significant system changes, ensuring required compliance steps and approvals are completed prior to rollout
• Stay current on evolving federal and data privacy regulations and contribute new insights to ongoing compliance efforts
• Perform other related duties as needed

Minimum Qualifications

• Education
• Bachelor's degree from an accredited college or university in a related field such as Business, Administration, Computer Science, Information Security, or similar
• Experience
• 3-5 years of experience in one or more of the following:
  • Information security
  • Risk analysis
  • Auditing
  • Compliance
  • Governance
• Practical experience in highly regulated and/or federal environments, such as:
  • FedRAMP, FISMA, CMMC
• Basic scripting/automation experience (Python or similar) or willingness to learn
• Knowledge of audit and risk management methodologies such as:
  • COBIT, NIST 800-37 / 800-30, FAIR
• Experience with tools and solutions used for:
  • GRC, IAM, and compliance automation/documentation
  • Information security tools and solutions

Preferred Certifications (Desired)

• CompTIA Security+
• AWS or Google Cloud Platform Cloud Security certifications
• CISA, CISM, or CISSP Associate

Unit-Specific Competencies (Skills & Attributes)

• Successful candidates typically demonstrate:
• Practical understanding of core cybersecurity concepts (e.g., access control, authentication, threat vectors)
• Familiarity with federal cybersecurity frameworks and requirements: FedRAMP, FISMA, NIST
• Knowledge of hybrid IT systems, networking, and cloud environments (e.g., AWS, Google Cloud)
• Strong organizational skills; able to manage multiple priorities and projects effectively
• High adaptability and responsiveness in a dynamic, demand-based environment
• Strong relationship-building skills and effectiveness across cross-functional teams
• Sound judgment: ability to weigh Center/partner/agency needs against security and risk tolerance
• Ability to conceptualize a course of action and execute successfully-often under tight deadlines
• Ability to present information consistently and concisely
• Excellent written and verbal communication skills; ability to foster collaborative working relationships

Security & Compliance Expectations (Role Requirements)

• With moderate direction, the employee will:
• Perform procedures necessary to help ensure the safety of information systems
• Monitor system activity, identify potential threats, and respond to detected or reported security violations
• Research, recommend, and support implementation of changes to procedures and systems to enhance security
• Communicate with users to understand security needs and help implement procedures that meet those needs
• Ensure the user community understands and adheres to required procedures to maintain security

Pre-Employment Screening Requirements

• This position is subject to screening requirements that may include:
• Background screen
• Credit history
• Education verification
• Employment verification
• Motor vehicle records
• Professional license and certification verification

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.