Medline · 3 days ago
Sr IT Controls & Risk Specialist
Medline is looking for a Senior IT Controls & Risk Specialist to play a critical role in establishing and managing an IT controls framework for the enterprise. The specialist will lead the design, development, and implementation of information and technology risk management policies, standards, processes, and best practices, while also evaluating compliance of technology solutions against applicable controls.
Consumer Goods, Health Care, Hospitality, Manufacturing, Medical
Responsibilities
Control Framework Development: Analyze, design, create, and maintain a unified IT controls framework drawing from leading industry frameworks and applicable regulatory requirements (e.g. NIST CSF, CIS, HITRUST, PCI, etc.)
Documentation: Create comprehensive documentation for the controls framework, including risks, control objectives, and implementation guidelines. Align with existing enterprise policies and develop policies to fill identified gaps
Stakeholder Engagement: Collaborate with cross-functional teams to ensure stakeholder buy-in and alignment with organizational risk tolerance
Compliance Evaluation: Assess new and existing technologies for compliance with applicable controls
Risk Register Management: Maintain a risk register to manage non-compliance and track remediation efforts
Tool Administration: Lead the configuration of GRC tools used for IT risk management processes
Material Development: Develop tailored written and verbal awareness materials for different audiences, supporting user education initiatives
Drive communication campaigns to ensure employee adoption using metrics to measure and track success
Communication Planning: Execute a communication plan for impacted audiences when process and policy changes are made
Relationship Building: Build trusted relationships with IT Compliance, Information Security, Legal, and Corporate Compliance teams to ensure message alignment and cross-functional collaboration
Qualification
Required
Bachelor's Degree in Information Technology, Information Security, Risk Management, Business Administration, or related field. Or equivalent combination of education, professional certifications, and relevant work experience
3+ years professional experience within IT Controls and Frameworks, IT Risk Management, IT Internal Controls, or related GRC field
Experience developing or maintaining a controls-based IT compliance framework
Experience evaluating or auditing web-based software technologies against company or regulatory requirements
Experience deploying or supporting risk management, compliance, information security, information governance, or privacy programs across a large enterprise
In-depth understanding of NIST CSF, CIS, NIST 800-53, HITRUST, CMMC, PCI DSS, or similar frameworks. Ability to describe framework scope, composition, and implementation strategies
Familiar with the technical components of software technologies, including APIs, web services, and common web and cloud application integration and architecture patterns
Experience with modern GRC tools and other technologies supporting IT risk management activities
Experience applying change management methodologies to support IT risk management initiatives
Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood
Proven ability to effectively interact with, manage, and influence cross-functional teams and partners
Preferred
8+ years of professional experience in Technology Risk, Information Security, or leadership role in a technical area within a highly regulated industry
Certification in relevant GRC discipline (e.g., CISA, CISM, CRISC, CISSP, CGRC) or IT governance frameworks (e.g., ITIL)
Experience implementing or using AuditBoard CrossComply, AuditBoard ITRM, or other TPRM, Privacy, or GRC tools
Participation in IT compliance and audit processes
Experience organizing process information and technical concepts into a knowledge base for wider audience consumption, leveraging diagrams or infographics and knowledge management tools
Experience driving successful, insight-based, creative communications plans that deliver against program objectives, on time and within budget
Experience deploying policy or technology changes across a large enterprise and measuring and reporting program process over time
Understanding of fundamental Information Governance concepts (e.g., records retention, data protection, data handling)
Knowledge of enterprise change management methodologies
Familiarity with SAP security model and its integration with GRC products
Familiarity with M365 governance and compliance settings
Benefits
Health insurance
Life and disability
401(k) contributions
Paid time off
Company
Medline
Medline is the largest provider of medical-surgical products and supply chain solutions serving all points of care.
H1B Sponsorship
Medline has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (344)
2024 (144)
2023 (142)
2022 (143)
2021 (137)
2020 (113)
Funding
Current Stage: Public Company
Total Funding: $0.5M
Key Investors: North Carolina Department of Commerce
2025-12-17: IPO
2021-06-05: Private Equity
2019-09-12: Grant · $0.5M
Company data provided by crunchbase