IS Team/Project Leader - Security Risk Assessor


POST DATE 9/14/2016
END DATE 7/19/2017

Northwestern Memorial Healthcare
Location: Carol Stream, IL
Job Type: Full Time
Career Level: Mid-Career (2 - 15 years)
Education: Bachelors Degree


The Information Services Team/Project Leader will provide guidance and coordinate the activities of cross-functional operational support and project teams, ranging from 3 to 10 individuals. Teams generally consist of Information Services analysts, operations department experts, and vendor/contractor specialists. The Information Services Team/Project Leader manages the selection, installation, configuration, conversion, implementation and support of systems. These systems, both hardware and software, must be selected, configured and implemented in accordance with NMH accepted technical and application standards and must follow NMH policies for capital and operating expense allocation. Implemented systems will effectively support the business requirements of the targeted user community.

Additional Summary

Responsible for identifying, prioritizing, reporting, and tracking information technology and process Security risks. Applying in-depth knowledge of regulatory requirements (HIPAA, PCI, etc.), industry trends, and Information Security best practices, this position will assess risk over a spectrum of technologies, from large and complex projects to smaller service-based initiatives. This position produces assessments with evidence- and policy-based descriptions of identified risks as well as recommended options for remediating them. The Security Risk Assessor ensures that identified risks are centrally recorded with sufficient detail (e.g., ownership, priority, follow-up plans and dates) to produce up-to-date profiles of enterprise risk status. The Security Risk Assessor will successfully articulate the risk profile and status to both technology and business leadership.

Additional Responsibilities

* Apply proven methods of risk assessment in collaboration with business and IT stakeholders to identify, prioritize, and communicate Security risk. Provide Security requirements and guidance to business owners and Information Technology sponsors to ensure alignment to Information Security policy, process and standards

* Direct and monitor the due diligence of Information Security risk assessments on an ongoing basis, working with risk owners to ensure appropriate controls and countermeasures are implemented. Where risks cannot be eliminated, ensure that a cross-functional review and exception process is in place

* Track Information Security risks to ensure resolution plans are identified and on target for implementation within agreed periods. Regularly re-evaluate accepted risk for opportunities to mitigate. Interpret and report on key Information Security risks & trends in order to communicate to the Chief Information Security Executive and the risk owners the effectiveness of implemented controls as well as opportunities for policy, technical, and administrative improvement

* Provide consulting services to all staff on technical Security-related issues. Provide Security consultation to business owners, supply chain management, and legal in the negotiation of Information Security-related contractual items

* Drive compliance to Information Security standards within the system by advocating Information Security policies, procedures, solutions, and standards

* Provide coaching, professional guidance, and support to other Information Security or Information Technology team members in order to foster professional development

* Other duties outside of those listed above may be assigned in support of Information Security goals and objectives for the organization

Qualifications

* Bachelors degree appropriate to the Cybersecurity discipline or equivalent combination of education and experience. Related certifications (e.g., CISSP, CISM, CISA) preferred

* 8-10 years of combined IT and Security work experience with a broad range of exposure to business/systems analysis and Security assessments

* Experience in one or more of the following:
  * Cybersecurity Assessments
  * Third-Party / Vendor Assessments
  * System Analysis / Technology Issue Resolution

* In-depth knowledge of Information Security risks, one or more Security frameworks (HIPAA, PCI, etc.), and industry best practices

* Working knowledge of technical areas such as data warehouses, mainframes, networks, applications, etc.

* Experience in leading Information Services projects

* Experience in delivering formal presentations

* Excellent verbal and written communication skills

Preferred Qualifications

* Information Security certification is desired (e.g., CISSP, CSSLP, GIAC, CISA, etc.) but not required

* Healthcare knowledge and/or experience

* Knowledge of business areas, especially those represented on the team

* Project Management education (undergraduate, graduate or PMI certification)