Information Security Analyst, Governance, Risk, and ...

Job#: 3020974 Job Description: Job Title: Governance, Risk & Compliance (GRC) Security Analyst (Hybrid)Department/Unit: Center for Translational Data Science (CTDS)Reports To: GRC Lead (with moderate direction)Work Location: 5841 S Maryland Avenue, Chicago, IL 60637Work Schedule: 40 hours/week | 8:30 AM - 5:00 PM (30-minute lunch)Hybrid Schedule: Onsite Tuesdays / Remote Monday, Wednesday-FridayStart Date: ASAPEnd Date: 7/30/2027 (term appointment as currently structured)About the Center for Translational Data Science (CTDS)CTDS is seeking an experienced, organized, and self-driven professional who is passionate about Governance, Risk, and Compliance (GRC), cybersecurity, and operational excellence. This role supports secure research collaborations by strengthening security practices across hybrid environments and contributing to a culture of risk awareness and continuous improvement.You’ll join a team that values thoughtful security guidance, clear communication, and staying current on emerging threats and evolving compliance expectations. The ideal candidate is a well-rounded practitioner who can move beyond administrative tasks to provide meaningful security insight and support cross-functional teams.Role SummaryAs a GRC Security Analyst, you will coordinate and support security governance, risk, and compliance initiatives under the guidance of the GRC Lead. You will help maintain compliance documentation and evidence, support audits and remediation activities, and work with engineers, researchers, and administrators to implement controls and strengthen CTDS security posture.With moderate direction, you will perform procedures necessary to help ensure information system safety, monitor activity and potential threats, assist with risk assessments, and support changes to security processes and systems.Key ResponsibilitiesIn this role, you will:Coordinate and support GRC projects and controls implementation under the guidance of the GRC LeadPrepare, track, and maintain project documentation, compliance artifacts, and audit evidenceFacilitate internal and external audits, including evidence collection and remediation support (, POA&Ms)Collaborate closely with engineers, researchers, and administrators to promote a culture of complianceCommunicate security and compliance requirements in clear, accessible language and explain policies effectivelyAssist with risk register maintenance, basic threat modeling, and risk assessments across hybrid environmentsMonitor for fundamental risks (, phishing attempts) and support proper handling of sensitive data (PII, PHI, CUI)Support compliance-aligned practices under guidelines and standards such as HIPAA, GDPR, FISMA, and NISTSupport review and documentation of significant system changes, ensuring required compliance steps and approvals are completed prior to rolloutStay current on evolving federal and data privacy regulations and contribute new insights to ongoing compliance effortsPerform other related duties as neededMinimum QualificationsEducationBachelor’s degree from an accredited college or university in a related field such as Business, Administration, Computer Science, Information Security, or similarExperience3-5 years of experience in one or more of the following: Information securityRisk analysisAuditingComplianceGovernancePractical experience in highly regulated and/or federal environments, such as: FedRAMP, FISMA, CMMCBasic scripting/automation experience (Python or similar) or willingness to learnKnowledge of audit and risk management methodologies such as: COBIT, NIST 800-37 / 800-30, FAIRExperience with tools and solutions used for: GRC, IAM, and compliance automation/documentationInformation security tools and solutionsPreferred Certifications (Desired)CompTIA Security+AWS or GCP Cloud Security certificationsCISA, CISM, or CISSP AssociateUnit-Specific Competencies (Skills & Attributes)Successful candidates typically demonstrate:Practical understanding of core cybersecurity concepts (, access control, authentication, threat vectors)Familiarity with federal cybersecurity frameworks and requirements: FedRAMP, FISMA, NISTKnowledge of hybrid IT systems, networking, and cloud environments (, AWS, Google Cloud)Strong organizational skills; able to manage multiple priorities and projects effectivelyHigh adaptability and responsiveness in a dynamic, demand-based environmentStrong relationship-building skills and effectiveness across cross-functional teamsSound judgment: ability to weigh Center/partner/agency needs against security and risk toleranceAbility to conceptualize a course of action and execute successfully—often under tight deadlinesAbility to present information consistently and conciselyExcellent written and verbal communication skills; ability to foster collaborative working relationshipsSecurity & Compliance Expectations (Role Requirements)With moderate direction, the employee will:Perform procedures necessary to help ensure the safety of information systemsMonitor system activity, identify potential threats, and respond to detected or reported security violationsResearch, recommend, and support implementation of changes to procedures and systems to enhance securityCommunicate with users to understand security needs and help implement procedures that meet those needsEnsure the user community understands and adheres to required procedures to maintain securityPre-Employment Screening RequirementsThis position is subject to screening requirements that may include:Background screenCredit historyEducation verificationEmployment verificationMotor vehicle recordsProfessional license and certification verification Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing? in Talent Satisfaction in the United States and Great Place to Work? in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click here for more details. Apex Benefits Overview:Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Apex team member can provide.

Created: 2026-02-20