Senior Security Analyst Job Campus Illinois USA,IT/Tech

Location: Campus

Job Title

Security Governance Analyst – HIPAA & HITRUST Compliance

Location

Offshore / Remote

Department

Information Security & Compliance

Reports To

Manager – Security Governance, Risk & Compliance (GRC)

Role Summary

The Security Governance Analyst is responsible for ensuring that the organization maintains compliance with applicable regulatory and industry frameworks, including HIPAA, HITRUST CSF, and related privacy and security controls. This role involves establishing, maintaining, and continuously improving the security governance framework, assessing risk, and ensuring that information security practices align with organizational policies, contractual requirements, and healthcare regulations.

Key Responsibilities

Develop, implement, and maintain governance frameworks aligned with HIPAA Security & Privacy Rules and HITRUST CSF requirements.
Conduct periodic compliance assessments and gap analyses to identify areas of non-compliance and drive remediation.
Coordinate HITRUST certification and readiness activities, including control mapping, evidence collection, and audit coordination.
Maintain up-to-date knowledge of regulatory requirements and ensure internal policies reflect evolving standards.
Support internal and external audits, ensuring timely response and closure of findings.
Perform risk assessments across systems and business units to ensure compliance with HIPAA/HITRUST requirements.
Track and report on remediation progress for identified risks and control deficiencies.
Assist with third-party vendor risk assessments, ensuring business associates adhere to HIPAA and HITRUST standards.
Draft, review, and maintain security policies, standards, and procedures in alignment with governance frameworks.
Map organizational controls to the HITRUST CSF control categories (19 domains) and NIST/ISO equivalents.
Work with IT and Security Operations teams to ensure controls are effectively implemented and monitored.
Promote compliance awareness through periodic training and communication programs.
Serve as a subject matter expert for HIPAA and HITRUST compliance questions across departments.

Required Qualifications

Bachelor’s degree in Information Security, Information Systems, or related field (or equivalent experience).
3–7 years of experience in security governance, risk, and compliance (GRC) roles.
In-depth understanding of HIPAA Security and Privacy Rules and HITRUST CSF control framework.
Experience conducting audits, risk assessments, and compliance reporting.
Familiarity with frameworks such as NIST 800-53, ISO 27001, and SOC 2.
Strong documentation, analytical, and communication skills.

Preferred Qualifications

HITRUST CCSFP (Certified CSF Practitioner) or CHQP (HITRUST Certified Healthcare Quality Professional).
CISA, CISM, CRISC, or CISSP certifications preferred.
Experience in healthcare, payer, or provider environments.
Knowledge of cloud security controls (Azure, AWS, GCP) and PHI data handling practices.

Soft Skills

Strong attention to detail and ability to manage multiple priorities.
Excellent collaboration and stakeholder management skills.
Ability to translate regulatory requirements into practical technical and operational controls.

Experience Range

3–7 years

Seniority Level

Mid-Senior level

Employment Type

Contract

Job Function

Information Technology

Industries

IT Services and IT Consulting

#J-18808-Ljbffr


Increase/decrease your Search Radius (miles)



Job Posting Language