Passionate about precision medicine and advancing the healthcare industry?
Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.
As a Senior Cyber Risk Analyst at Tempus AI, you will be the driving force behind our Cyber Risk Management Program, serving as the primary custodian of the organization's Cyber Risk Register. Your expertise in integrating cyber risk management practices within a fast-paced, health-tech environment will be crucial to providing leadership with clear visibility into our cyber risk posture and ensuring the continuous security and compliance of our platforms.
What You'll DoCyber Risk Register Management & Program Intake
Own the Risk Lifecycle: Serve as the primary owner for the "care and feeding" of the Cyber Risk Register. Oversee the end-to-end lifecycle of cybersecurity risks, including identification, logging, analysis, treatment tracking, and closure.
Risk Quantification & Scoring: Apply standardized risk assessment methodologies to accurately calculate risk impact/severity, likelihood/occurence, and controls/detectability, ensuring risks are prioritized effectively.
Executive Reporting & Enterprise Alignment
Metrics & Dashboards: Develop and maintain intuitive risk dashboards and Key Risk Indicators (KRIs). Provide clear, data-driven reports to the Director of Data Security, the CISO, and executive leadership regarding our current risk posture and remediation progress.
ERM Integration: Actively support the broader Enterprise Risk Management (ERM) program by translating technical cyber risks into business impacts, ensuring seamless reporting to ERM leadership.
Strategic Security Initiatives
M&A Due Diligence: Provide technical expertise during Mergers and Acquisitions (M&A). Conduct pre-acquisition security risk analyses and ensure post-acquisition inherited risks are properly ingested into the Cyber Risk Register and tracked to remediation.
Global Compliance Support: Coordinate with Technology, Legal, and Security teams to ensure risk mitigation efforts align with required regulatory standards (e.g., HIPAA, HITRUST, GDPR, ISO 27001)
Experience: 5+ years of technical experience in information security, risk management, or GRC within the technology, AI, or healthcare industries.
Domain Expertise: Deep understanding of cybersecurity principles, threat landscapes, and control frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, HITRUST).
Risk Management Mastery: Proven track record of building, maintaining, or heavily contributing to a Cyber Risk Register. Experience with risk quantification methodologies and leading GRC platforms (e.g., ServiceNow GRC, RSA Archer, AuditBoard, or similar).
Project & Stakeholder Management: Exceptional ability to manage multiple concurrent programs, working proactively to align multi-disciplinary stakeholders toward secure outcomes.
Communication Skills: Excellent written and verbal communication skills. You must possess the unique ability to act as a "translator" of risk—taking complex technical vulnerabilities and clearly articulating the business risk to diverse teams of biologists, medical professionals, engineers, operators, and data scientists.
#LI-HR1
#LI-Hybrid
CHI: $110,000-$130,000
The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Skills Required
- 5+ years of technical experience in information security, risk management, or GRC
- Deep understanding of cybersecurity principles and control frameworks
- Experience building or contributing to a Cyber Risk Register
- Ability to manage multiple programs and align stakeholders
- Exceptional written and verbal communication skills
What the Team is Saying
What We Do
We bring together one of the world’s largest libraries of multimodal clinical and molecular data with a robust suite of AI tools to help physicians personalize care in real time, connect patients with therapies and clinical trials, and enable partners to accelerate discovery and development of new treatments. With ~8 million de-identified research records and 350+ petabytes of data, Tempus partners with more than half of U.S. oncologists and the majority of the top 20 global pharma companies. Our teams are pioneering work across oncology, neurology, psychiatry, cardiology, and beyond—transforming how care is delivered and therapies are developed. At Tempus, every role contributes to our mission: to help each patient benefit from the experiences of those who came before. For more information, visit tempus.com.
Why Work With Us
We’re looking for people who can change the world. People who question the status quo and refuse to shy away from tough problems. For builders who are never done building, and the learners who are never done learning. Passionate individuals with undying curiosity who want to take on one of the greatest challenges humanity has ever faced—head on.
Gallery
Tempus AI Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Most of the team follows a hybrid policy, with some roles allowing for a fully remote arrangement and some roles being onsite only.
