Skip to main content

Staff Attorney Cybersecurity

**Job Description**

Location: Chicago, Illinois

Business Unit: Rush Medical Center

Hospital: Rush University Medical Center

Department: RUSH Legal Affairs

**Work Type:** Full Time (Total FTE between 0.9 and 1.0)

**Shift:** Shift 1

**Work Schedule:** 8 Hr (8:00:00 AM - 5:00:00 PM)

Rush offers exceptional rewards and benefits learn more at our Rush benefits page (https://www.rush.edu/rush-careers/employee-benefits).

**Pay Range:** 55.16 - 89.78

Rush salaries are determined by many factors including, but not limited to, education, job-related experience and skills, as well as internal equity and industry specific market data. The pay range for each role reflects Rush’s anticipated wage or salary reasonably expected to be offered for the position. Offers may very depending on the circumstances of each case.

**Summary:**

Under the supervision of [RUSH LEGAL STAFF MEMBER] and [CYBERSECURITY STAFF MEMBER] (or their respective esignees) the Staff Attorney will provide legal advice and counsel on risks and best practices with regards to the operations of Information Services. This will involve management of relationships with third party vendors in the performance and remediation of their contractually agreed obligations, guidance of Rush internal parties in their development and implementation of information and technology solutions, and advising on proper protection of Rush sensitive information to comply with federal and state statutes, regulations, accreditation bodies, and Rush policies. Exemplifies the Rush mission, vision and values and acts in accordance with Rush policies and procedures.

**Other information:**

**Required Job Qualifications:**

•Juris Doctor degree from an ABA accredited school

•Licensed to practice law in at least one state and in good standing in all states where admitted.

•Member of the Illinois State bar or eligible to sit for the Illinois State bar.

•Demonstrated ability and interest in cybersecurity issues and law

**Preferred Job Qualifications:**

•SANS SEC 301: Introduction to Cyber Security

•SANS SEC 401: Security Essentials Bootcamp Style

•SANS LEG523: Law of Data Security and Investigation

•Health Care Compliance Association CCB Certified in Healthcare Privacy Compliance (CHPC)

**Disclaimer:** The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities or requirements.

**Responsibilities:**

• Review contracts as received as part of the contract review process for cybersecurity risks, including but not limited to network connectivity and storage and transmission of sensitive data across all relevant Rush assets.

• Advise, draft, and negotiate information security and privacy provisions in complex commercial transactions in the IT, digital technology, and healthcare space.

• Provide legal support and counseling on information security and privacy issues to the business.

• Advise on the development, application, and enforcement of information security policies.

• Assist in responding to, conducting impact analyses for, and helping guide communications arising from cyber events and incidents.

• Support Rush information security groups for information security matters.

• Evaluate and advise on technical data protections for Rush products and services.

• Work closely with regulatory, public policy, and corporate communications groups to establish relationships and help shape advocacy and public facing communications about information security and privacy.

• Provide advice to staff of the Chief Information Security Office (CISO) on legal issues related to corporate cybersecurity program.

• Provide advice on cybersecurity legal, regulatory, and policy issues that affect the company across multiple business areas.

• Work with Government and Regulatory Affairs on legislative and policy efforts pertaining to cybersecurity.

• Keep management and executives informed of cyber incidents and legal developments.

Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

**Position** Staff Attorney Cybersecurity

**Location** US:IL:Chicago

**Req ID** 13229