Senior HIT Security, Risk & Governance Analyst

Req #:  132422
Facility:  Support Centers
Department:  Information Systems
City:  Oak Brook
Posting Budget Status:  Day
Shift Type:  Full Time - Permanent
Posting FTE:  1

Advocate Health Care is the largest health system in Illinois and one of the largest health care providers in the Midwest. Our Corporate Support & Operations Services are equally committed to advancing Advocate's goal of building lifelong relationships with patients by delivering the best health outcomes and highest level of service through an integrated approach to care and wellness.

Site: Advocate Support Center – Kensington, Oak Brook, IL

Status: Full-time Exempt (40 hours per week)


Advocate Aurora Health is the 10th largest not-for-profit, integrated health system in the United States and a leading employer in the Midwest with more than 70,000 employees and the region’s largest employed medical staff and home health organization. A national leader in clinical innovation, health outcomes, consumer experience and value-based care, the system serves nearly 3 million patients annually in Illinois and Wisconsin across more than 500 sites of care. Advocate Aurora is engaged in hundreds of clinical trials and research studies, and is nationally recognized for its expertise in cardiology, neurosciences, oncology and pediatrics. The organization contributed $2 billion in charitable care and services to its communities in 2016.



We Help People Live Well


  • Excellence: We are a top performing health system in all that we do and continually find new and better ways to improve.
  • Compassion: We unselfishly care for others.
  • Respect: We treat people in a way that values their unique needs and preferences.


Primary Purpose:

This role is responsible for executing the organization’s information security risk management and governance programs at an enterprise level. The role acts as a liaison between HIT and other internal stakeholders to effectively identify, mitigate, track and reduce potential risks, increasing awareness of those risks and continuously improving risk management processes based on regulatory or environmental changes. The role maintains the risk management process, including a risk register to identify and prioritize risk to Advocate Aurora, and ensures that each risk is properly managed, which allows Advocate Aurora to protect its intellectual property and regulated patient and caregiver data.


Major Responsibilities:

  • Conduct risk analysis of HIT applications containing electronic protected health information (ePHI) and HIT infrastructure.
  • Conduct annual site assessments to identify risks and process gaps in the field.
  • Implement risk management processes, including risk reporting, to identify and prioritize risk to AAH, and ensure that each risk is assigned a business owner for proper risk management.
  • Create and maintain the HIT risk register to track identified risk, risk owners and action plans for risk treatment.
  • Assist in preparing, and at times presenting before organizational leadership, staff, government, and other external audiences.
  • Develop and maintain metrics to communicate IT risk, including a monthly report of AAH's top risks for senior management review.
  • Coordinate HIT efforts to implement appropriate controls to mitigate IT risk. 
  • Review risk status with senior leadership on a regular basis and provide recommendations for improvement.
  • Review documented security controls for all AAH systems, including but not limited to reviews of current HIT processes and procedures, and provide assistance in analyzing and recommending improvements, both to minimize risk and to guide process owners on potential paths for remediation.
  • Manage and enhance appropriate governance, risk management and compliance (GRC) processes and tools to efficiently manage HIT risk.
  • Coordinate all efforts to effectively identify, report and mediate all security control gaps and vulnerabilities. 

Licensure, Registration and/or Certification Required:

  • CASP CE, CCNP Security, CISA, CISSP, GCIH, CRISC, or equivalent.

Education Required:

  • Bachelor's Degree in Computer Science or related field.

Experience Required:

  • Typically requires a minimum of three to four years of experience in IT security, risk management, and information systems control frameworks (NIST, COBIT, ISO).


Knowledge, Skills & Abilities Required:

  • Excellent organizational and project management skills with the ability to manage and complete multiple projects.
  • Proven analytical and problem-solving skills.
  • Excellent communication skills including the ability to advise and communicate with individuals at all levels of the organization.
  • Ability to lead cross-functional teams to improve HIT processes and mitigate risk.


Physical Requirements and Working Conditions:

  • Position may require travel which may result in exposure to road and weather hazards.
  • Exposed to normal office environment.
  • Operates all equipment necessary to perform the job.



About Advocate Health Care


Advocate Health Care, named among the nation’s Top 5 large health systems based on quality by Truven Analytics, is the largest health system in Illinois and one of the largest health care providers in the Midwest. Advocate operates more than 250 sites of care, including 12 hospitals that encompass 11 acute care hospitals, the state’s largest integrated children’s network, the state’s largest emergency and Level I trauma network, one of the area’s largest home health care companies, and the region’s largest medical group. Advocate Health Care has 4 teaching hospitals and is a not-for-profit, mission-based health system affiliated with the Evangelical Lutheran Church in America and the United Church of Christ.

Nearest Major Market: Chicago