Sr IT Controls & Risk Specialist

Job in Northbrook, Cook County, Illinois, 60065, USA
Listing for: Medline Industries, LP
Full Time position
Listed on 2025-12-01
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant

Overview

Medline is looking for a Senior IT Controls & Risk Specialist to play a critical role in establishing and managing an IT controls framework for the enterprise. Reporting to the IT Controls & Risk Manager, this position will lead the design, development, and implementation of information and technology risk management policies, standards, processes, and best practices and drive adoption through effective enterprise change management, education and awareness.

Additionally, the specialist will evaluate the compliance of new and existing technology solutions against applicable controls.

Major Responsibilities
  • Control Framework Development:
    Analyze, design, create, and maintain a unified IT controls framework drawing from leading industry frameworks and applicable regulatory requirements (e.g. NIST CSF, CIS, HITRUST, PCI, etc.).
  • Documentation:
    Create comprehensive documentation for the controls framework, including risks, control objectives, and implementation guidelines. Align with existing enterprise policies and develop policies to fill identified gaps.
  • Stakeholder Engagement:
    Collaborate with cross-functional teams to ensure stakeholder buy-in and alignment with organizational risk tolerance.
  • Compliance Evaluation:
    Assess new and existing technologies for compliance with applicable controls.
  • Risk Register Management:
    Maintain a risk register to manage non-compliance and track remediation efforts.
  • Tool Administration:
    Lead the configuration of GRC tools used for IT risk management processes.
  • Material Development:
    Develop tailored written and verbal awareness materials for different audiences, supporting user education initiatives.
  • Drive communication campaigns to ensure employee adoption using metrics to measure and track success.
  • Communication Planning:
    Execute a communication plan for impacted audiences when process and policy changes are made.
  • Relationship Building:
    Build trusted relationships with IT Compliance, Information Security, Legal, and Corporate Compliance teams to ensure message alignment and cross-functional collaboration.
Minimum Job Requirements

Education
Bachelor’s Degree in Information Technology, Information Security, Risk Management, Business Administration, or related field. Or equivalent combination of education, professional certifications, and relevant work experience.

Certification / Licensure
None required.

Work Experience
3+ years professional experience within IT Controls and Frameworks, IT Risk Management, IT Internal Controls, or related GRC field.

Knowledge / Skills / Abilities

  • Experience developing or maintaining a controls-based IT compliance framework
  • Experience evaluating or auditing web-based software technologies against company or regulatory requirements
  • Experience deploying or supporting risk management, compliance, information security, information governance, or privacy programs across a large enterprise
  • In-depth understanding of NIST CSF, CIS, NIST 800-53, HITRUST, CMMC, PCI DSS, or similar frameworks. Ability to describe framework scope, composition, and implementation strategies.
  • Familiar with the technical components of software technologies, including APIs, web services, and common web and cloud application integration and architecture patterns
  • Experience with modern GRC tools and other technologies supporting IT risk management activities
  • Experience applying change management methodologies to support IT risk management initiatives
  • Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood
  • Proven ability to effectively interact with, manage, and influence cross-functional teams and partners
Preferred Job Requirements
  • 8+ years of professional experience in Technology Risk, Information Security, or leadership role in a technical area within a highly regulated industry.
  • Certification in relevant GRC discipline (e.g., CISA, CISM, CRISC, CISSP, CGRC) or IT governance frameworks (e.g., ITIL).
  • Experience implementing or using AuditBoard CrossComply, AuditBoard ITRM, or other TPRM, Privacy, or GRC tools
  • Participation in IT compliance and audit processes
  • Experience organizing…