This is a new hire position. Non-profit organization, excellent benefits and terrific work environment and culture of excellence. For a full list of benefits, send in an application. Thanks!
INFORMATION SECURITY AND COMPLIANCE ANALYST
CHICAGO IL | PERMANENT HIRE | $80K + Awesome Benefits
GENERAL FUNCTIONS: The Information Security and Compliance Analyst will ensure the compliance of all of the company’s USA information systems and data security. The focus is on HIPAA compliance as required by the Managed Services Organization (MSO) as well as overall data network, systems security practices and procedures for the entire organization.
The Information Security and Compliance Analyst will be a member of the Information Technology team responsible for risk management, governance and compliance activities. The position will be responsible for leading and executing security-related projects and programs, such as information security risk assessments, information security program development, IT policies and procedures, project management, BCP/DRP, compliance audits, and cybersecurity audits, among other types of engagements. The Information Security and Compliance Analyst will work directly with the Information Technology, MSO and Legal groups to understand HIPAA security risk issues, oversee risk assessment and mitigation efforts, and develop effective policies, practices and procedures to establish and administer ongoing activities to achieve HIPAA compliance.
KNOWLEDGE SKILLS AND ABILITIES:
• Bachelor’s Degree in Computer Sciences or equivalent education, and 3+ years of business and/or systems experience, including experience with IT industry best practices and structured, analytical approaches to problem solving.
• 3 years of experience working with security, audit and/or other governance and management related activities, or an equivalent combination of education & experience.
• Certifications in the following preferred: ISC2 CISSP, Risk and Information Systems Control (CRISC) or Governance of Enterprise IT (CGEIT), CompTIA Network+, CompTIA Security+, ITIL Foundations.
• Have familiarity with industry standard compliance and information security frameworks such as COBIT, ISO 27001, SOC 2, HIPAA, e-PHI, PCI.
• Understand information security best practices, including principles, security protocols and standards.
• Ability to develop, document and establish formal security policies, practices and procedures. Provide sample portfolio.
• Ability to express verbal and written communications appropriate to the audience, from business stakeholders, to highly technical IT personnel, as well as audit/compliance personnel, and other team members.
• Ability to communicate professionally with both internal and external parties.
• Be highly organized and able to manage work effectively in a constantly shifting environment with multiple simultaneous tasks and deadlines.
• Track and report on status of remediation efforts.
• Ability to identify problems, risks and issues, facilitate and develop solutions with issue owners, and facilitate implementation of remediation efforts.
• Ability to gather data and synthesize information, perform analysis, and demonstrate how the results may impact the organization.
• Ability to read and interpret the results of audit reports and security assessments, associated compensating controls, residual risk, etc.
• Must be able to translate technical language and concepts to non-technical audiences.
• Possess and exercise a strong sense of ethics and confidentiality.
1770 N. Park St, Suite 100 Naperville, IL, 60563