Title:  IT Risk Management Analyst

Requisition Id:  31313
Job Function:  Information Systems
Career Area:  Corporate Jobs
Work Location:  Bannockburn 1 - 2355 (CORP)

About Us:

At Stericycle, we deliver solutions and drive innovations that protect the environment, people, and public health. This includes working to create a more sustainable, shared future. Our innovative solutions make a difference in people's lives, communities, and our planet by protecting their health and well-being. Change your career. Change your world. Join Stericycle and help protect health and well-being in a safe, responsible, and sustainable way. We protect what matters.

Position Purpose:

The IT Risk Management Analyst will support activities related to the development and management of, and compliance with, Stericycle IT and Security Policy. This role will report to the Manager – IT Risk Management and will actively collaborate with stakeholders across the enterprise, including applicable working groups and committees.

Key Job Activities:

•    Build relationships with, advocate to, and consult with different Stericycle functional and business stakeholder groups on areas of IT and Security Policy.
•    Support development and lead management of Stericycle security policies, procedures, and standards.   
•    Manage IT and Security policy review, training, and development schedule.
•    Support the risk assessment, risk register, risk treatment, and risk reporting process.
•    Support the cybersecurity awareness and training programs, including the phishing simulation program.
•    Support the customer cyber due diligence and vendor cyber risk processes.
•    Support general IT Risk Management activities as needed.
•    Support and manage compliance metric reporting and dashboard development as needed.
•    Perform other duties and responsibilities, as assigned.


Experience (North America):

•    Preferably at least 3-5+ years' experience in cybersecurity, risk management, compliance, IT governance, or other related functions.
•    3-5+ years' experience authoring and managing IT and Security Policies, Procedures, and/or Standards.
•    Knowledge and demonstrable experience utilizing / assessing against common security and controls frameworks: COSO / CoBIT, NIST CSF, NIST 800-53, NIST 800-37, ISO27001, CIS Controls (or equivalent).
•    2+ years' experience performing IT or Security assessments or audits.
•    Knowledge and demonstrable experience utilizing common risk management tools: Archer, ServiceNow IRM, MetricStream, or similar.
•    Experience supporting risk management processes including risk register, treatment / remediation, POAM, or reporting.
•    Demonstrable experience in supporting security metric and risk reporting programs.
•    Excellent writer who can draft new policy, procedure, and standard materials and is also comfortable updating existing materials.
•    Great communicator who can articulate risk concepts to both technical and non-technical audiences.
•    Great listener who can capture and understand stakeholder requirements to translate into security controls.
•    Multi-tasker who is comfortable supporting parallel initiatives with attention to detail.
•    Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
•    Bachelor's degree or equivalent.
•    3-5+ years of experience in Information Technology, preferably in Cybersecurity.

Certifications and/or Licenses:

•    CISA or CISSP (preferred).


Stericycle currently offers its employees the option to participate in a full range of benefits, including a health care program which includes medical, dental, vision and prescription coverage, healthcare and dependent care flexible spending accounts, life and accidental death and dismemberment insurance, an employee assistance program, tuition reimbursement, paid vacation and sick time, a 401(k) plan, and an employee stock purchase plan. Participation in some programs requires that employees be regularly scheduled to work a minimum number of hours and/or to have fulfilled a waiting period after they begin employment with Stericycle.

Our Promise:

Stericycle is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other legally protected category. Stericycle is committed to protecting what matters, and this includes compliance with all fair employment practices regarding citizenship and immigration status.


The above description is meant to provide a summary of the nature and level of work being performed; it should not be construed as an exhaustive list of all responsibilities, duties, and requirements of the job.  This document does not create an employment contract, implied or otherwise.  Stericycle will consider requests for workplace accommodations for protected physical or mental limitations in accordance with its human resources policies and local laws.  To the extent permissible under local law, and consistent with business necessity, Stericycle reserves the right to modify the content formally or informally, either verbally or in writing, at any time with or without advance notice.

Nearest Major Market: Chicago