Lead governance, implementation, and enforcement of IT/IS policies and security baselines (network, identity, endpoint, data protection, backups). Manage assessments, exceptions, and remediation; map controls to NIST/ISO; present risk metrics and executive briefings; recommend security products and controls; support training and awareness; collaborate with stakeholders and ERM; mentor junior GRC staff and lead compliance projects.
At HCSC, our employees are the cornerstone of our business and the foundation to our success. We empower employees with curated development plans that foster growth and promote rewarding, fulfilling careers.
Join HCSC and be part of a purpose-driven company that will invest in your professional development.
Job SummaryThis position is responsible for the governance, architecture, implementation, and enforcement of Information Technology (IT) and Information Security (IS) policies, standards, and procedures to ensure the confidentiality, integrity, and availability of enterprise systems, applications, data, and information resources. The role oversees the analysis, tracking, and remediation of IT and IS policy exceptions, assessment findings, and internal or external risk assessments.The position establishes, maintains, and enforces security baseline requirements across critical technology domains, including but not limited to network security (segmentation, firewalls, secure configurations), identity and access management (multi-factor authentication, least privilege, privileged access controls), endpoint security (hardening standards, endpoint detection and response), data protection (encryption, data classification), and resilience controls such as secure, immutable, and tested backup and recovery capabilities. These requirements are defined in accordance with ISO and NIST control objectives and are regularly assessed for effectiveness.
The position maintains continuous awareness of emerging technologies, cybersecurity threats, regulatory requirements, and industry best practices, and provides strategic recommendations for the adoption or modification of technologies, controls, processes, and policies as appropriate. It proactively identifies gaps or deficiencies in existing IT and IS governance frameworks and leads the development or revision of policies, standards, and procedures to address evolving business needs, technology advancements, and future organizational growth.
The role conducts and presents risk summaries, metrics, executive briefings, and formal reports to management, advising on material IT and information security risks that may impact business objectives, operational resilience, or regulatory compliance. It collaborates closely with enterprise stakeholders and contributes risk intelligence and control evaluation results to the Enterprise Risk Management (ERM) program.
Additionally, the position evaluates and recommends IT and information security products, services, and processes to mitigate identified risks and ensure compliance with applicable corporate policies, contractual obligations, laws, and regulatory mandates. It implements and supports IT and information security awareness and training programs, delivering education on security policies, standards, controls, and best practices across the organization.
The role partners with subject matter experts (SMEs) to develop and document corrective action and remediation plans, and monitors remediation progress. It serves as a project lead and mentor to junior GRC team members and may lead cross-functional initiatives, functional teams, or compliance-related projects as required.Required Job Qualifications: * Bachelor Degree and 4 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration or 8 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration. * Understand IT / IS concepts and how to artciulate those in terms of risk.Interprets internal or external business issues and concepts and and can translate those into IT concepts that must be addressed via policy. * Understand key IT / IS laws and regulations, such as the Health Insurance Portability and Accountability Act, as well as governance and compliance frameworks (e.g. NIST, COBIT, ITIL, HITRUST). * Experience with audit and compliance controls. This could include previous IT auditing experience and / or technical controls implementation, as well as the ability to respond apprpriately to audit and assessment findings. * Initiate and invoke creativity to solve complex problems; takes an “outside –in”perspective to identify innovative solutions * Collaborate well with individuals across the business and IT, as well as at all levels of the organization. Verbal and written communication skills, including the ability to articulate complex concepts to various technical and non-technical audiences. * Experience with and understanding of overall GRC concepts. * Work independently, with guidance in only the most complex situations. * May lead functional teams or projects. Preferred Job Qualifications: * Bachelor Degree in Computer Science, Information Systems, or other related field. * Experience with a GRC solution.
Are you being referred to one of our roles? If so, ask your connection at HCSC about our Employee Referral process!
Pay Transparency Statement:
At Health Care Service Corporation, you will be part of an organization committed to offering meaningful benefits to our employees to support their life outside of work. From health and wellness benefits, 401(k) savings plan, pension plan, paid time off, paid parental leave, disability insurance, supplemental life insurance, employee assistance program, paid holidays, tuition reimbursement, plus other incentives, we offer a robust total rewards package for employees. Learn more about our benefit offerings by visiting https://careers.hcsc.com/totalrewards.
The compensation offered will vary depending on your job-related skills, education, knowledge, and experience. This role aligns with an annual incentive bonus plan subject to the terms and the conditions of the plan.
HCSC Employment Statement:We are an Equal Opportunity Employment employer dedicated to providing a welcoming environment where the unique differences of our employees are respected and valued. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other legally protected characteristics.
Base Pay Range$84,400.00 - $152,300.00Exact compensation may vary based on skills, experience, and location.
Health Care Service Corporation Chicago, Illinois, USA Office
300 E Randolph St, Chicago, IL, United States, 60601
Similar Jobs
Artificial Intelligence • Healthtech • Professional Services • Analytics • Consulting
Lead FP&A analysis, build financial models and BI dashboards, support senior leaders with strategic analysis and presentations, identify trends to improve profitability, coordinate finance system/process improvements, and act as a liaison across finance, IT, and business stakeholders.
Top Skills:
ExcelGenerative AiPower BITableau
Artificial Intelligence • Healthtech • Professional Services • Analytics • Consulting
Drive and grow the ZS–Google Cloud alliance: manage governance and KPIs, build co-sell pipeline and joint GTM offerings, lead account alignment and enablement, run joint marketing and partner certification efforts, and execute strategic partner plans to expand revenue and market impact.
Top Skills:
Ai/MlAnalyticsApplication ModernizationDataGoogle Cloud MarketplaceGoogle Cloud Platform (Gcp)InfrastructureNetworkingSecurity
Information Technology
Design and maintain a skills-based learning architecture aligned to enterprise taxonomy and business priorities. Create multi-modality learning paths, develop high-impact instructional solutions, govern content standards, leverage learning technologies (including Workday Skills Cloud), and integrate AI-enabled practices to support enterprise transformation and leader/coworker capability development.
Top Skills:
ArticulateBrain SharkCamtasiaCanvaMonday.ComSmartsheetSynthesiaWorkday LmsWorkday Skills Cloud
What you need to know about the Chicago Tech Scene
With vibrant neighborhoods, great food and more affordable housing than either coast, Chicago might be the most liveable major tech hub. It is the birthplace of modern commodities and futures trading, a national hub for logistics and commerce, and home to the American Medical Association and the American Bar Association. This diverse blend of industry influences has helped Chicago emerge as a major player in verticals like fintech, biotechnology, legal tech, e-commerce and logistics technology. It’s also a major hiring center for tech companies on both coasts.
Key Facts About Chicago Tech
- Number of Tech Workers: 245,800; 5.2% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: McDonald’s, John Deere, Boeing, Morningstar
- Key Industries: Artificial intelligence, biotechnology, fintech, software, logistics technology
- Funding Landscape: $2.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Pritzker Group Venture Capital, Arch Venture Partners, MATH Venture Partners, Jump Capital, Hyde Park Venture Partners
- Research Centers and Universities: Northwestern University, University of Chicago, University of Illinois Urbana-Champaign, Illinois Institute of Technology, Argonne National Laboratory, Fermi National Accelerator Laboratory
