Share this Job

HIT Risk Governance Analyst

Req #:  215401
Facility:  Support Centers
Department:  Information Systems
City:  Oak Brook
Posting Budget Status:  Day
Shift Type:  Full Time - Permanent
Posting FTE:  1

Advocate Health Care, the largest health system in Illinois and one of the largest health care providers in the Midwest. Our Corporate Support & Operations Services are equally committed to advancing Advocate's goal of building lifelong relationships with patients by delivering the best health outcomes and highest level of service through an integrated approach to care and wellness.

This role is responsible for executing the organization's information security risk management and governance programs at an enterprise level. The role supports the HIT Risk and Governance team to effectively identify, mitigate, track and reduce potential risks, increasing awareness to those risks and continuously improving risk management processes based on regulatory or environmental changes. Executes the enterprise risk management process allowing Advocate Aurora to protect its intellectual property and regulated patient and caregiver data


  • Conduct risk analysis of HIT applications containing electronic protected health information (ePHI) and Aurora's IT infrastructure.
  • Maintain the HIT risk register to track identified risks and corrective action plans.
  • Coordinate HIT efforts to implement appropriate controls to mitigate IT risk. Reviews risk status with senior leadership on a regular basis.
  • Manage and enhance appropriate governance, risk management and compliance (GRC) processes and tools to efficiently manage HIT risk.
  • Document security controls for all AAH systems, including but not limited to reviews of current HIT processes and procedures and provide assistance in analyzing and recommending improvements both to minimize risk, but also to guide process owners on potential paths for remediation.
  • Coordinate all efforts to effectively identify, report and mediate all security control haps and vulnerabilities.
  • Develop and maintain custom developed Risk Management Application (ASCR) and accompanying modules.
  • Lead Risk Review Calls as well as assist in managing AAH's SSDLC program.  
  • Data cleaning and analysis; database development.
  •  Dsign and development of software tools in Python and other languages.
  •  Systems analysis and troubleshooting.
  •  Web technologies; backend needed; frontend highly desirable.


Position Requirements:

  • Education Required: Bachelor's Degree in Computer Science or related field or Associate's Degree with certification.
  • Experience Required: Typically requires 3 years of experience in IT security, risk management, and information systems control frameworks (NIST, COBIT, ISO). In lieu of experience, a relevant, advanced certification from ISACA, ISC2, SANS, CompTia or other recognized industry certification body would be considered.
  • Strong knowledge of Python is highly recommended
  • Knowledge, Skills and Abilities Required:
  • Excellent organizational and project management skills with the ability to manage and complete multiple projects.
  • Proven analytical and problem solving skills.
  • Excellent communication skills including the ability to advise and communicate with individuals at all levels of the organization.
  • Ability to lead cross~functional teams to improve HIT processes and mitigate risk.
  • Physical Requirements and Working Conditions:
  • Position may require travel which may result in exposure to road and weather hazards.
  • Exposed to normal office environment.
  • Operates all equipment necessary to perform the job.
  • This job description indicates the general nature and level of work expected of the incumbent. It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent may be required to perform other related duties.

About Advocate Health Care


Advocate Health Care, named among the nation’s Top 5 large health systems based on quality by Truven Analytics, is the largest health system in Illinois and one of the largest health care providers in the Midwest. Advocate operates more than 250 sites of care, including 12 hospitals that encompass 11 acute care hospitals, the state’s largest integrated children’s network, the state’s largest emergency and Level I trauma network, one of the area’s largest home health care companies, and the region’s largest medical group. Advocate Health Care has 4 teaching hospitals and is a not-for-profit, mission-based health system affiliated with the Evangelical Lutheran Church in America and the United Church of Christ.