Passionate about precision medicine and advancing the healthcare industry?
Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.
As a Senior Cyber Risk Analyst at Tempus AI, you will be the driving force behind our Cyber Risk Management Program, serving as the primary custodian of the organization's Cyber Risk Register. Your expertise in integrating cyber risk management practices within a fast-paced, health-tech environment will be crucial to providing leadership with clear visibility into our cyber risk posture and ensuring the continuous security and compliance of our platforms.
What You'll Do
Cyber Risk Register Management & Program Intake
- **Own the Risk Lifecycle: **Serve as the primary owner for the "care and feeding" of the Cyber Risk Register. Oversee the end-to-end lifecycle of cybersecurity risks, including identification, logging, analysis, treatment tracking, and closure.
- **Risk Quantification & Scoring: **Apply standardized risk assessment methodologies to accurately calculate risk impact/severity, likelihood/occurence, and controls/detectability, ensuring risks are prioritized effectively.
Executive Reporting & Enterprise Alignment
- **Metrics & Dashboards: **Develop and maintain intuitive risk dashboards and Key Risk Indicators (KRIs). Provide clear, data-driven reports to the Director of Data Security, the CISO, and executive leadership regarding our current risk posture and remediation progress.
- **ERM Integration: **Actively support the broader Enterprise Risk Management (ERM) program by translating technical cyber risks into business impacts, ensuring seamless reporting to ERM leadership.
Strategic Security Initiatives
- **M&A Due Diligence: **Provide technical expertise during Mergers and Acquisitions (M&A). Conduct pre-acquisition security risk analyses and ensure post-acquisition inherited risks are properly ingested into the Cyber Risk Register and tracked to remediation.
- **Global Compliance Support: **Coordinate with Technology, Legal, and Security teams to ensure risk mitigation efforts align with required regulatory standards (e.g., HIPAA, HITRUST, GDPR, ISO 27001)
Qualifications
- **Experience: **5+ years of technical experience in information security, risk management, or GRC within the technology, AI, or healthcare industries.
- **Domain Expertise: **Deep understanding of cybersecurity principles, threat landscapes, and control frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, HITRUST).
- **Risk Management Mastery: **Proven track record of building, maintaining, or heavily contributing to a Cyber Risk Register. Experience with risk quantification methodologies and leading GRC platforms (e.g., ServiceNow GRC, RSA Archer, AuditBoard, or similar).
- **Project & Stakeholder Management: **Exceptional ability to manage multiple concurrent programs, working proactively to align multi-disciplinary stakeholders toward secure outcomes.
- Communication Skills: Excellent written and verbal communication skills. You must possess the unique ability to act as a "translator" of risk—taking complex technical vulnerabilities and clearly articulating the business risk to diverse teams of biologists, medical professionals, engineers, operators, and data scientists.
#LI-HR1
#LI-Hybrid
CHI: $105,000-$120,000
The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.