Hourly Pay Range:
$41.64 - $64.54 - The hourly pay rate offered is determined by a candidate's expertise and years of experience, among other factors.
Position Highlights:
- Position: IT Security Engineer III - GRC SME
- Location: Warrenville, IL or Skokie, IL or Arlington Heights, IL
- Full Time
- Hours: Monday-Friday, 8:00am - 5:00pm
- Hybrid Position
Job Summary:
The Security Engineer III – GRC at Endeavor Health is responsible for strengthening the organization’s cybersecurity posture through the execution of governance, risk management, and compliance activities. This role focuses on developing, documenting, and refining security standards and procedures; performing risk and control assessments; and ensuring alignment with healthcare regulatory and security frameworks, including HIPAA, industry standards, and organizational policies.
Working primarily in a remote capacity, this role partners closely with Information Security, IT, clinical technology teams, and business stakeholders to evaluate security risks, support compliance initiatives, and guide the secure design and operation of internal and external systems. The Security Engineer III also provides technical leadership, mentors junior staff, and supports enterprise-wide cybersecurity initiatives.
What you will do:
- Execute cybersecurity risk assessments, control reviews, and governance activities across infrastructure, applications, cloud services, and medical technologies.
- Conduct cybersecurity and compliance assessments aligned with HIPAA Security and Privacy Rules, internal policies, and applicable regulatory and industry standards.
- Identify cybersecurity risks related to medical devices, applications, and systems, and provide actionable mitigation and remediation recommendations.
- Support internal and external audits, including coordination with Internal Audit, third-party assessors, and penetration testing teams.
- Participate in security reviews of new and existing systems to ensure security requirements are met prior to implementation.
- Lead or support cybersecurity incident response activities in coordination with cross-functional teams.
- Manage and contribute to multiple cybersecurity and GRC-related projects simultaneously.
- Design and implement comprehensive security controls incorporating emerging technologies and industry best practices.
- Mentor and train junior staff on cybersecurity tools, processes, and governance practices.
What you will need:
- Education: Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field. Equivalent professional experience may be considered in lieu of a degree.
- Certification: At least one active, industry-recognized cybersecurity or GRC-related certification, such as:
  - Security+ / GSEC / SSCP / CRISC / CISA (acceptable if security-focused)
  - Advanced or healthcare-relevant certifications, such as: CISSP, CRISC, CISM, HCISPP, GIAC
- Experience: Eight (8) or more years of combined IT and cybersecurity experience.
  - Demonstrated experience leading or independently executing security initiatives.
  - Hands-on experience supporting, securing, and documenting at least two enterprise applications or platforms.
  - Experience performing risk assessments, control evaluations, or compliance activities.
  - Experience collaborating with infrastructure, application, and operations teams.
- Unique or Preferred Skills:
  - Strong working knowledge of information security governance, risk management, and compliance principles
  - Demonstrated understanding of security frameworks and standards, including:
    - HIPAA Security Rule
    - NIST (800-53, 800-30, 800-61, 800-171)
    - ISO 27001 (working knowledge)
    - PCI-DSS
  - Experience assessing and advising on technical and operational security controls.
  - Familiarity with enterprise security domains, including:
    - Endpoint security (EDR, anti-malware)
    - Vulnerability management
    - Network and application security
    - Cloud security concepts
  - Ability to translate technical risk into business and compliance impact.
  - Proven leadership and project coordination skills in a matrixed environment.
  - Strong written and verbal communication skills, including security documentation and executive-level reporting.
  - Ability to mentor junior staff and contribute to team knowledge development.
  - Familiarity with IT service management and project methodologies (e.g., ITIL, Agile, or Waterfall).
Benefits (For full time or part time positions):
- Incentive pay for select positions
- Opportunity for annual increases based on performance
- Career Pathways to Promote Professional Growth and Development
- Various Medical, Dental, Pet and Vision options
- Tuition Reimbursement
- Free Parking
- Wellness Program Savings Plan
- Health Savings Account Options
- Retirement Options with Company Match
- Paid Time Off and Holiday Pay
- Community Involvement Opportunities
Endeavor Health is a fully integrated healthcare delivery system committed to providing access to quality, vibrant, community-connected care, serving an area of more than 4.2 million residents across six northeast Illinois counties. Our more than 25,000 team members and more than 6,000 physicians aim to deliver transformative patient experiences and expert care close to home across more than 300 ambulatory locations and eight acute care hospitals – Edward (Naperville), Elmhurst, Evanston, Glenbrook (Glenview), Highland Park, Northwest Community (Arlington Heights), Skokie and Swedish (Chicago) – all recognized as Magnet hospitals for nursing excellence. For more information, visit www.endeavorhealth.org.
When you work for Endeavor Health, you will be part of an organization that encourages its employees to achieve career goals and maximize their professional potential.
Please explore our website (www.endeavorhealth.org) to better understand how Endeavor Health delivers on its mission to “help everyone in our communities be their best”.
Endeavor Health is committed to working with and providing reasonable accommodation to individuals with disabilities. Please refer to the main career page for more information.
Diversity, equity and inclusion is at the core of who we are; being there for our patients and each other with compassion, respect and empathy. We believe that our strength resides in our differences and in connecting our best to provide community-connected healthcare for all.
EOE: Race/Color/Sex/Sexual Orientation/Gender Identity/Religion/National Origin/Disability/Vets, VEVRAA Federal Contractor.