Information Security Risk Analyst

Join a world-class academic healthcare system, UChicago Medicine, as an Information Security Risk Analyst in our Information Security department. This position will be primarily a work from home opportunity with the requirement to come onsite as needed. You will need to be based in the greater Chicagoland area. The Information Security Risk Analyst is a key member within the Governance, Risk and Compliance team, supporting and executing the information security and risk management strategy for the University of Chicago Medicine. The analyst will conduct risk analysis on information systems, platforms, and processes in accordance with established regulations and organizational standards. The analyst will assist in identifying, assessing, tracking, reporting, and supporting the mitigation of information security risks across the organization. This position plays a key role in ensuring the organization's adherence to HIPAA, NIST, and other healthcare cybersecurity regulations and frameworks. The analyst will work closely with internal stakeholders, IT Partners, and third-party stakeholders to ensure risks are identified, documented, mitigated, and aligned with regulatory and policy requirements to promote a risk-aware culture and safeguard patient and institutional data. The role supports the continuous improvement of the organization's risk management program and provides insights for strategic decision-making. The ideal candidate will have a strong understanding of security frameworks, risk assessment methodologies, risk assessments, risk register, management of audit and penetration testing findings, monitoring of regulatory developments while promoting a culture of risk awareness.