Senior Cyber Risk Analyst

Tempus AI•Chicago, IL

1d•Hybrid

About The Position

Passionate about precision medicine and advancing the healthcare industry? Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time. As a Senior Cyber Risk Analyst at Tempus AI, you will be the driving force behind our Cyber Risk Management Program, serving as the primary custodian of the organization's Cyber Risk Register. Your expertise in integrating cyber risk management practices within a fast-paced, health-tech environment will be crucial to providing leadership with clear visibility into our cyber risk posture and ensuring the continuous security and compliance of our platforms.

Requirements

5+ years of technical experience in information security, risk management, or GRC within the technology, AI, or healthcare industries.
Deep understanding of cybersecurity principles, threat landscapes, and control frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, HITRUST).
Proven track record of building, maintaining, or heavily contributing to a Cyber Risk Register.
Experience with risk quantification methodologies and leading GRC platforms (e.g., ServiceNow GRC, RSA Archer, AuditBoard, or similar).
Exceptional ability to manage multiple concurrent programs, working proactively to align multi-disciplinary stakeholders toward secure outcomes.
Excellent written and verbal communication skills. You must possess the unique ability to act as a "translator" of risk—taking complex technical vulnerabilities and clearly articulating the business risk to diverse teams of biologists, medical professionals, engineers, operators, and data scientists.

Responsibilities

Own the Risk Lifecycle: Serve as the primary owner for the "care and feeding" of the Cyber Risk Register. Oversee the end-to-end lifecycle of cybersecurity risks, including identification, logging, analysis, treatment tracking, and closure.
Risk Quantification & Scoring: Apply standardized risk assessment methodologies to accurately calculate risk impact/severity, likelihood/occurence, and controls/detectability, ensuring risks are prioritized effectively.
Develop and maintain intuitive risk dashboards and Key Risk Indicators (KRIs). Provide clear, data-driven reports to the Director of Data Security, the CISO, and executive leadership regarding our current risk posture and remediation progress.
Actively support the broader Enterprise Risk Management (ERM) program by translating technical cyber risks into business impacts, ensuring seamless reporting to ERM leadership.
M&A Due Diligence: Provide technical expertise during Mergers and Acquisitions (M&A). Conduct pre-acquisition security risk analyses and ensure post-acquisition inherited risks are properly ingested into the Cyber Risk Register and tracked to remediation.
Coordinate with Technology, Legal, and Security teams to ensure risk mitigation efforts align with required regulatory standards (e.g., HIPAA, HITRUST, GDPR, ISO 27001).