Salary: $75,000-$85,000, commensurate with experience
About UI Health:
The University of Illinois Hospital & Health Sciences System (UI Health) provides comprehensive care, education, and research to the people of Illinois and beyond. A part of the University of Illinois at Chicago (UIC), UI Health comprises a clinical enterprise that includes a 495-bed tertiary care hospital, 22 outpatient clinics, and 13 Mile Square Health Center facilities, which are Federally Qualified Health Centers. It also includes the seven UIC health science colleges: the College of Applied Health Sciences; the College of Dentistry; the School of Public Health; the Jane Addams College of Social Work; and the Colleges of Medicine, Pharmacy, and Nursing, including regional campuses in Peoria, Quad Cities, Rockford, Springfield, and Urbana. UI Health is dedicated to the pursuit of health equity.
Position Summary
The Cybersecurity Third-Party Risk Analyst plays a crucial role in maintaining UI Health's security posture by evaluating and managing risks linked to third-party vendors and partners. The analyst collaborates closely with internal stakeholders to develop and maintain an inventory of vendors and partners throughout the risk management cycle. The analyst will also assess the cybersecurity practices of external entities, identify potential vulnerabilities or weaknesses, and implement effective strategies to mitigate risks.
Duties & Responsibilities
Vendor Risk Assessments: conduct cybersecurity assessments of third-party vendors' cybersecurity practices, including policies, procedures, and technical controls.
Risk Identification and Analysis: identify potential cybersecurity risks associated with third-party relationships through analysis of vendor documentation, security assessments, and other relevant sources.
Risk Mitigation Planning: assist in developing risk mitigation strategies and recommendations to address identified vulnerabilities or weaknesses in third-party vendors' cybersecurity posture.
Monitoring: monitor the cybersecurity posture of third-party vendors on an ongoing basis and track remediation efforts.
Reporting: assist in developing key performance indicators (KPIs) and metrics for measuring the performance of the third-party risk management program and provide regular reports to management on the status of vendor-related risks.
Collaboration and Communication: collaborate closely with internal stakeholders, including procurement, legal, vendors' sponsors, and IT teams, to ensure cybersecurity considerations are adequately addressed. Communicate effectively with third-party vendors and internal stakeholders to convey expectations and requirements related to cybersecurity.
Continuous Improvement: stay abreast of emerging cybersecurity threats, trends, and best practices related to third-party risk management. Continuously assist in refining and enhancing UI Health's third-party risk management processes and procedures.
On-call 24x7 operational support
Other duties as assigned
Perform other related duties and participate in special projects as assigned.
Minimum Qualifications
Bachelor's Degree - Computer Science, Engineering, Information Systems Management, related information management field or a clinical area of study.
Minimum of one (1) year professional level IT experience within IS Security, which includes: demonstrated experience in assessing, monitoring and maintaining, and evaluating information security policies and systems, including hardware, firmware and software; ensuring that clinical and financial information is secure in accordance with established standards and regulatory requirements. Also demonstrated planning, maintaining, implementing and evaluating the secure management of electronic data, whether at rest, in motion or in use, or Clinical Experience.
Preferred Qualifications
Preferred two years' experience dealing with internal stakeholders and vendors. Understanding of cybersecurity principles, frameworks (e.g., NIST, ISO 27001), reports (e.g., SOC), and regulatory requirements (e.g., GDPR, HIPAA, PCI). Strong analytical and communication skills. Experience: minimum of one year of professional IT experience, including: Demonstrated experience of interacting with internal stakeholders and vendors.
Excellent analytical skills, with the ability to assess technical and business risks associated with third-party relationships.
Effective communication and interpersonal skills, with the ability to communicate technical concepts to non-technical stakeholders to explain risk and required mitigation steps.
Detail-oriented approach with organizational skills and the ability to manage multiple tasks simultaneously. Ability to adhere to established policies and procedures.
Expertise in network security tools and techniques (risk management, analytical, communication and organizational skills, etc.).
Fully complete all sections of the online application including adding your full work history with specific details of your duties & responsibilities for each position held. Fully complete the education, licensure, certification, and language sections.
You may upload a resume, cover letter, certifications, licensures, transcripts, and diplomas within the document section of your online application.
When completing your online application, please be sure to provide detailed information about your job knowledge and specific duties and responsibilities, as your qualifications for any Civil Service position will be primarily determined based on what is contained in the application. Dates of employment and if employed on a full or part time basis (including number of hours per week) must be indicated for each position held. Additional consideration will be given to supporting documentation i.e., resume, transcripts, licenses, and certifications so please be sure to attach all applicable documents.
If an application is not fully completed and submitted by the close date, the applicant/employee will not be considered for this position.
For fullest consideration, the above-mentioned requirements must be submitted no later than 10/15/2024.
Please note that once you have submitted your application you will not be able to make any changes. In order to revise your application, you must withdraw and reapply. You will not be able to reapply after the posting close date. Please ensure the application is fully completed and all supporting documents have been uploaded before the posting close date.
This is a full-time and benefits-eligible position. UI Health offers competitive salaries commensurate with experience. All full-time benefits-eligible positions include a comprehensive benefits package, which includes: Health, Dental, Vision, Life, Disability & AD&D insurance, a defined benefit pension plan, as well as paid leave, which includes Vacation, Holiday and Sick. In addition, we offer tuition waivers for employees and dependents. Go to https://www.hr.uillinois.edu/benefits for a complete list of Employee Benefits.
The University of Illinois System is an equal opportunity employer, including but not limited to disability and/or veteran status, and complies with all applicable state and federal employment mandates. Please visit Required Employment Notices and Posters to view our non-discrimination statement and find additional information about required background checks, sexual harassment/misconduct disclosures, and employment eligibility review through E-Verify.
The university provides accommodations to applicants and employees.
The University of Illinois Chicago is the city’s largest university and its only public Carnegie Research 1 institution. Its 16 academic colleges serve close to 34,000 undergraduate, graduate and professional students. UIC is recognized as one of the best public universities and one of the most ethnically rich and culturally diverse campuses in the nation. Located in the heart of Chicago, it is an integral part of the city's educational, technological and cultural fabric.