Rush University Medical Center

Location: Chicago, Illinois / Remote

Business Unit: Rush Medical Center

Hospital: Rush University Medical Center

Department: Cybersecurity Operations

Work Type: Full Time (Total FTE between 0.9 and 1.0)

Shift: Shift 1

Work Schedule: 8 Hr (9:00:00 AM - 5:00:00 PM)

Rush offers exceptional rewards and benefits learn more at our Rush benefits page (https://www.rush.edu/rush-careers/employee-benefits).

Pay Range: $46.07 - $77.40 per hour

Rush salaries are determined by many factors including, but not limited to, education, job-related experience and skills, as well as internal equity and industry specific market data. The pay range for each role reflects Rush’s anticipated wage or salary reasonably expected to be offered for the position. Offers may vary depending on the circumstances of each case.

Summary:

Are you passionate about cutting-edge technology, cybersecurity, and the future of healthcare? Join Rush University Medical Center as our Cybersecurity Application & AI Risk Lead, where you'll play a pivotal role in safeguarding critical systems and shaping the secure use of artificial intelligence across the organization.

In this highly collaborative and strategic role, you’ll lead the development and execution of cybersecurity risk management programs for Rush’s business applications and AI initiatives. Working closely with leaders across Digital & Information Services, Infrastructure, Privacy, Legal, and Enterprise Risk Management, you’ll ensure that cybersecurity risk is effectively assessed, communicated, and mitigated—aligning with both organizational priorities and evolving regulatory requirements.

You’ll be responsible for performing and standardizing security risk assessments, driving risk visibility through detailed reporting metrics, and guiding teams across the organization on best practices in application and AI security. This is an exciting opportunity to influence the security posture of a leading healthcare institution while staying at the forefront of innovation and compliance.

If you bring expertise in application security, project management, and regulatory standards like HIPAA, and you’re eager to apply that knowledge in a forward-thinking healthcare environment, we invite you to apply and make a lasting impact at Rush.

Responsibilities:

• Develop and implement risk assessment methods for evaluating cyber security in Rush applications and artificial intelligence projects.
• Collect and maintain cyber security risk data on Rush applications and artificial intelligence projects.
• Collaborate with D&IS teams (e.g., Network, Applications, Database, Infrastructure, and Server) and business application teams on risk mitigation strategies for Rush applications and artificial intelligence projects.
• Collaborate with Rush Privacy and Legal to include compliance requirements in risk management for Rush applications and artificial intelligence projects.
• Perform periodic security risk assessments on Rush applications and artificial intelligence projects.
• Prepare periodic reports on Rush’s cyber security risk for applications and artificial intelligence.
• Conduct training and provide guidance for cross-functional technology and business staff on application and artificial intelligence security best practices.
• Stay informed on the latest trends, industry best practices, emerging technologies, and evolving threats in application, artificial intelligence, and healthcare information security.
• Align the application and artificial intelligence risk management program’s compliance with NIST CSF 2.0 through documented control alignments.
• Collaborate with Information Security Compliance Manager to regularly test security compliance for Rush applications and artificial intelligence technologies.
• Create templates and procedure documentation to guide technology owners on program compliance.

Required Job Qualifications:

• Bachelor’s degree in information technology, Computer Science, or a related field.
• 5-7 years of experience in business application information security.
• Strong background in Project Management.
• Experience managing program metrics and regularly reporting program status to leadership.
• Familiarity with healthcare regulations and standards (e.g., HIPAA, HITECH).
• Strong leadership skills and the ability to work effectively with cross-functional teams.
• Excellent analytical, problem-solving, and decision-making skills.
• Outstanding communication and interpersonal abilities.
• Provide thought leadership by staying updated on industry best practices and standards to continuously mature the RUSH information security program in alignment with evolving industry benchmarks.

Preferred Job Qualifications:

• Workable understanding of emerging regulatory frameworks for AI in healthcare.
• At least 1 year of experience in Artificial Intelligence security
• Security and/or GRC Certifications (CISSP, CISA, OCEG).
• One or more certifications in AI technology.

Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.