Position: Security & Compliance Analyst
Location: Chicago, IL
Duration: Full-Time / Long Term Contract With potential extension.
About the role
We're looking for an experienced Security & Compliance Analyst to help keep a large, regulated technology environment secure, compliant, and audit-ready. You'll monitor and assess security controls, maintain compliance documentation, and work across security, IT, and delivery teams to make sure standards are not just written down but actually met. This is a hands-on role for someone who thinks in terms of controls, evidence, and continuous improvement.
What you'll do
- Conduct periodic security control assessments aligned to NIST 800-53.
- Review, maintain, and update system security plans and compliance documentation.
- Monitor access logs and coordinate vulnerability scans across systems and applications.
- Support audit readiness and reporting activities, including FedRAMP.
- Track and support remediation of Plan of Action and Milestones (POA&M) findings.
- Validate identity and access governance controls and support access management reviews.
- Communicate risks, gaps, and remediation status clearly to both technical teams and leadership.
The ideal Security & Compliance Analyst
The qualities that matter most for this role:
- Detail-oriented and thorough: You're meticulous with controls, evidence, and documentation, and you make sure nothing slips through the cracks.
- A clear communicator: You translate technical risk and compliance findings into plain language that both engineers and leadership can act on.
- Audit and evidence minded: You think in terms of controls, proof, and traceability, and you keep the environment audit-ready at all times.
- Proactive and risk-aware: You anticipate gaps and raise issues early, rather than reacting after something goes wrong.
- Collaborative: You work across security, IT, and delivery teams to get controls implemented, not just recommended.
- High integrity: You're trusted with sensitive data and you hold the line on standards, even under pressure.
What you bring
- Bachelor's degree in Cybersecurity, IT, or a related field.
- 5+ years in security compliance and risk management (senior-level).
- Working knowledge of NIST 800-53, HIPAA, FedRAMP, and FERPA standards.
- Experience with security control assessments, system security plans, and POA&M remediation.
- Strong written and verbal communication skills.
Nice to have
- FedRAMP audit-readiness and reporting experience.
- Familiarity with identity and access management (IAM) and identity governance (IGA) platforms (e.g., Okta, SailPoint).
- Healthcare, Medicaid, or public-sector compliance experience.
- Relevant certifications (e.g., CISA, CISSP, Security+).