Job description

Location: Chicago, IL

Hospital: RUSH University Medical Center

Department: RUSH Legal Affairs

Work Type: Full Time (Total FTE between 0.9 and 1.0)

Shift: Shift 1

Work Schedule: 8 Hr (8:00:00 AM - 5:00:00 PM)

Summary

Under the supervision of [RUSH LEGAL STAFF MEMBER] and [CYBERSECURITY STAFF MEMBER] (or their respective designees) the Staff Attorney will provide legal advice and counsel on risks and best practices with regards to the operations of Information Services. This will involve management of relationships with third party vendors in the performance and remediation of their contractually agreed obligations, guidance of Rush internal parties in their development and implementation of information and technology solutions, and advising on proper protection of Rush sensitive information to comply with federal and state statutes, regulations, accreditation bodies, and Rush policies. Exemplifies the Rush mission, vision and values and acts in accordance with Rush policies and procedures.

Responsibilities

Review contracts as received as part of the contract review process for cybersecurity risks, including but not limited to network connectivity and storage and transmission of sensitive data across all relevant Rush assets.
Advise, draft, and negotiate information security and privacy provisions in complex commercial transactions in the IT, digital technology, and healthcare space.
Provide legal support and counseling on information security and privacy issues to the business.
Advise on the development, application, and enforcement of information security policies.
Assist in responding to, conducting impact analyses for, and helping guide communications arising from cyber events and incidents.
Support Rush information security groups for information security matters.
Evaluate and advise on technical data protections for Rush products and services.
Work closely with regulatory, public policy, and corporate communications groups to establish relationships and help shape advocacy and public facing communications about information security and privacy.
Provide advice to staff of the Chief Information Security Office (CISO) on legal issues related to corporate cybersecurity program.
Provide advice on cybersecurity legal, regulatory, and policy issues that affect the company across multiple business areas.
Work with Government and Regulatory Affairs on legislative and policy efforts pertaining to cybersecurity.
Keep management and executives informed of cyber incidents and legal developments.

Required Job Qualifications

Juris Doctor degree from an ABA accredited school
Licensed to practice law in at least one state and in good standing in all states where admitted.
Member of the Illinois State bar or eligible to sit for the Illinois State bar.
Demonstrated ability and interest in cybersecurity issues and law

Preferred Job Qualifications

SANS SEC 301: Introduction to Cyber Security
SANS SEC 401: Security Essentials Bootcamp Style
SANS LEG523: Law of Data Security and Investigation
Health Care Compliance Association CCB Certified in Healthcare Privacy Compliance (CHPC)

Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

Required profile