IT Security Engineer III- GRC SME
Job in
Warrenville, DuPage County, Illinois, 60555, USA
Listed on 2025-12-18
Listing for:
Edward Elmhurst Health
Full Time
position Listed on 2025-12-18
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
SRO Corporate Center Warrenville 4201 Winfield Road:
NCO 3040 Salt Creek Ln Arlington Heights time type:
Full time posted on:
Posted Yesterday job requisition :
R36783
** Hourly Pay Range:**$41.64 - $64.54 - The hourly pay rate offered is determined by a candidate's expertise and years of experience, among other factors.
** Position Highlights:
*** Position: IT Security Engineer III - GRC SME
* Location:
Warrenville, IL or Skokie, IL or Arlington Heights, IL
* Full Time
* Hours:
Monday-Friday, 8:00am - 5:00pm
* Hybrid Position
*
* Job Summary:
** The Security Engineer III – GRC at Endeavor Health is responsible for strengthening the organization’s cybersecurity posture through the execution of governance, risk management, and compliance activities. This role focuses on developing, documenting, and refining security standards and procedures; performing risk and control assessments; and ensuring alignment with healthcare regulatory and security frameworks, including HIPAA, industry standards, and organizational policies.
Working primarily in a remote capacity, this role partners closely with Information Security, IT, clinical technology teams, and business stakeholders to evaluate security risks, support compliance initiatives, and guide the secure design and operation of internal and external systems. The Security Engineer III also provides technical leadership, mentors junior staff, and supports enterprise-wide cybersecurity initiatives.
*
* What you will do:
*** Execute cybersecurity risk assessments, control reviews, and governance activities across infrastructure, applications, cloud services, and medical technologies.
* Conduct cybersecurity and compliance assessments aligned with HIPAA Security and Privacy Rules, internal policies, and applicable regulatory and industry standards.
* Identify cybersecurity risks related to medical devices, applications, and systems, and provide actionable mitigation and remediation recommendations.
* Support internal and external audits, including coordination with Internal Audit, third-party assessors, and penetration testing teams.
* Participate in security reviews of new and existing systems to ensure security requirements are met prior to implementation.
* Lead or support cybersecurity incident response activities in coordination with cross-functional teams.
* Manage and contribute to multiple cybersecurity and GRC-related projects simultaneously.
* Design and implement comprehensive security controls incorporating emerging technologies and industry best practices.
* Mentor and train junior staff on cybersecurity tools, processes, and governance practices.
*
* What you will need:
**
* *
* Education:
** Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field. Equivalent professional experience may be considered in lieu of a degree.
* ** Certification:
** At least one active, industry-recognized cybersecurity or GRC-related certification, such as:
* Security+ / GSEC / SSCP / CRISC / CISA (acceptable if security-focused)
* Advanced or healthcare-relevant certifications, such as: CISSP, CRISC, CISM, HCISPP, GIAC
* *
* Experience:
** Eight (8) or more years of combined IT and cybersecurity experience.
* Demonstrated experience leading or independently executing security initiatives.
* Hands-on experience supporting, securing, and documenting at least two enterprise applications or platforms.
* Experience performing risk assessments, control evaluations, or compliance activities.
* Experience collaborating with infrastructure, application, and operations teams.
* ** Unique or Preferred
Skills:
*** Strong working knowledge of information security governance, risk management, and compliance principles
* Demonstrated understanding of security frameworks and standards, including:
* HIPAA Security Rule
* NIST (800-53, 800-30, 800-61, 800-171)
* ISO 27001 (working knowledge)
* PCI-DSS
* Experience assessing and advising on technical and operational security controls.
* Familiarity with enterprise security domains, including:
* Endpoint security (EDR, anti-malware)
* Vulnerability…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×