Payment Card Industry Data Security Standards (PCI DSS) Risk Analyst

Join a world-class academic healthcare system, UChicago Medicine, as a Payment Card Industry data Security Standards (PCI DSS) Risk Analyst on our Information Security and Privacy GRC team. This is a remote, work from home opportunity, and you may be based outside of the greater Chicagoland area.   

The Payment Card Industry Data Security Standards (PCI DSS) Risk Analyst – Intermediate, reporting to the Director, Information Security and Privacy Governance, Risk, and Compliance, will be responsible for ensuring PCI DSS compliance across relevant business units by understanding payment-related business processes, and, maintaining and validating documentation and communicating PCI requirements. The position will act as a subject matter expert for Payment Card Industry Data Security Standards by helping define the cardholder data environment, overseeing the implementation of PCI controls, and escalating matters of risk or non-compliance. This role contributes to the organization’s broader information risk management goals by supporting secure handling of payment data and minimizing regulatory exposure. 

Essential Job Functions      

• Develop and maintain PCI DSS compliance programs and ensure alignment with organizational goals 

• Develop and communicate PCI related policies, procedures, standards, and training/awareness 

• Define and document the scope of the cardholder data environment (CDE), systems connected to the CDE, and business processes within applicable business units 

• Implement all applicable PCI standards and requirements and ensure ongoing maintenance of applicable controls 

• Coordinate, and where applicable, conduct internal assessments and support external audits addressing identified gaps effectively 

• Assess risks associated with PCI compliance and recommend appropriate actions such as risk acceptance, mitigation or remediation; Participate in risk management initiatives related to data protection and information security including, but not limited to, engaging with third-party vendors/service providers that handle cardholder data to review PCI compliance 

• Monitor and investigate PCI-related security incidents in collaboration with IT security operations and applicable IT teams 

• Other duties as assigned 

Required Qualifications      

• Bachelor's degree required in Information Security, Computer Science, Information Technology, or a related field or equivalent work experience 

• Minimum of 2+ years of applicable PCI DSS experience 

• Demonstrated proficiency with the HIPAA Security, NIST and other relevant healthcare regulations and standards 

• Ability to define and implement a multi-year operationally sound technology-focused set of strategic goals 

• Proven ability to build positive team relationships with all levels of the enterprise and across a diverse set of departments 

• Ability to prepare both executive and detailed reports on risk findings and status 

• Ability to develop remediation plans and guide departments with remediation strategy 

• Skilled in project management and work plan development and implementation 

• Knowledge and ability to direct a team in integrating informational technology services with the work requirements and deliverables of units and departments 

• Effective oral and written communication skills and interpersonal skills 

Preferred Qualifications 

• Academic medical center and/or health care consulting experience  

• One or more of the following security certifications are preferred: CISSP, PCIP, CISA or CRISC 

Position Details      

• Job Type/FTE: Full Time   

• Shift: Days     

• Location: Remote     

• Unit/Department: Information Security Office     

• CBA Code: Non-Union   

We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at: UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Must comply with UChicago Medicine’s COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening, and background check are also required for all employees prior to hire.

Compensation & Benefits Overview

UChicago Medicine is committed to transparency in compensation and benefits.  The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.

The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.

Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.