Sr Security Analyst

Advocate Health Care   •  

Oak Brook, IL

5 - 7 years

Posted 293 days ago

This job is no longer available.


The Sr. Security Analyst will serve within the Health Informatics and Technology (HIT) department and under the leadership of the Enterprise Change Control/IS Security Manager. 

  • Guides, drives, and helps with the continuous enhancement of the IS SecurityRisk Management, Change Control and the Business Continuity Management Programs.
  • Performs various risk assessments (e.g. application/system risk and business impact analyses), identifies specific controls needed based on IT/Security regulatory guidance and best practices, and provides a monitoring and testing strategy for ongoing HIT enterprise initiatives.
  • Assists with integrating the overall IS SecurityRisk Management program with the business continuity efforts for core Electronic Medical Record (EMR) systems and other ancillary applications.
  • Works closely with HIT and business key stakeholders to educate on control requirements and associated inherited and residual risk exposures.
  • Ensures that HIT has a comprehensive and sound security practice so that assurance and reliance can be placed on the security, confidentiality and IT compliance for the organization.


  • Data collection and aggregation: consulting with end users in specific departments/divisions to obtain information related to various risk assessments and create report deliverables;
  • Familiarity with the Business Continuity and Disaster Recovery processes including, but not limited to the following: performing business impact analysis, strategic selection of systems for disaster recovery, and coordinating mock-disaster recovery exercises to test the adequacy of existing IS plans;
  • On-call support as a result of Disaster Recovery needs and activities
  • Coordinate change control activities (e.g. SDLC) for various core Advocate systems;
  • Prepare, conduct, and assist with remediation of both internal and external audits, security/risk assessments, and vulnerability scans. Assist with coordinating requests from auditors during the audit review period;
  • Traveling to Advocate sites for various meetings


  • 5 to 7 years of experience with information system security programs, IT audits, controls, and risk assessments;
  • Demonstrates proficiency in regulatory requirement guidelines like NIST800-53, HITRUST, PCI, ISO27001, SOC2.
  • CISSP, CISA, CRISC or other applicable certifications are a must or willingness to obtain within 1 to 2 years.
  • Familiarity with information risk management, and audit assisting tools.
  • Ability to collaborate with HIT and Senior Leadership and other business stakeholders to achieve objectives.
  • Have strong written, and verbal/presentation communication skills.
  • Be organized, detailed oriented, and analytical. Have project managementexperience.
  • Strong team player that can work independently.
  • BA/BS in Business or Computer related field (e.g. Management Information Systems)

Job ID: 88267