Information Security Specialist - Intermediate
at Adventist Health System

Date Posted: 6/5/2017

Job Description



Job:  Information Technology

Organization:  Adventist IT

Shift:  Day

Job Posting:  Aug 30, 2016, 12:42:17 PM

The Intermediate Information Security Specialist, as part of the information assurance team, will safeguard information system assets by analyzing the security requirements of Adventist Health System (AHS), all its entities, and their information systems to identify potential or actual security compliance issues. This function will perform data security audit and compliance activities to assure internal security controls, policies, processes, and procedures with respect to company and industry regulations. The candidate in this position will provide control owners with an understanding of the purpose of the audit, appropriately scope the audit to achieve the objectives in a reasonable timeframe, execute required testing procedures to assess compliance, obtain a remediation plan with a commitment timeline and follow-up, prepare required audit and compliance reports, and keep management informed of progress and results. He/she will work with a wide variety of management and staff to perform independent information security related audits, ensuring compliance. The candidate will serve as an advisor to diverse internal teams, providing recommendations and guidance for addressing security controls and operational deficiencies that can limit meeting compliance objectives. He/she must possess strong interpersonal skills and critical thinking, as well as strong analytical and problem-solving skills, to tackle unexpected challenges and come up with intelligent ways of providing data security through standards and alternate compensating controls. The candidate should be able to work well under pressure, work on their own, and perform effectively in a team setting to achieve organizational goals.

PRINCIPAL DUTIES AND JOB RESPONSIBILITIES:

Responsibilities and essential job functions include but are not limited to the following:

• Contribute to developing and executing a comprehensive information security audit & compliance program and plans by scoping, reviewing, evaluating, and testing requirements for security controls and their effectiveness in meeting security compliance.

• Examine records, reports, operating practices, and documentation by generating audit reports to ensure the integrity, confidentiality, and availability of information resources. Reviews may include assessments of administrative, physical and technical controls in place. 

• Communicate findings to management by preparing a final report based on audit tests.

• Assist internal/external auditors in their audits and/or special projects whenever needed.

• Communicate with auditees on requirements, testing, findings, remediation, tracking & reporting.

• Exercise professional judgment by evaluating information, making recommendations, and maintaining confidentiality of data per AHS policies, avoiding conflicts of interest.

• Maintain a sound knowledge of information security controls, standards, and best practices related to information security and compliance with standards, laws, and regulations (e.g., HITRUST, PCI, HIPAA).


Job Requirements

KNOWLEDGE AND SKILLS REQUIRED:

• Understanding of information security standards and frameworks (e.g., COBIT, ITIL, NIST, ISO), audit and compliance standards, and/or other relevant regulations and guidelines (e.g., SOX, AICPA, PCAOB).

• Working background in IT, information security, applications, and/or data centers.

• Understanding of enterprise-wide information security controls and/or IT general controls (ITGC).

• Working knowledge of IT processes, procedures, testing concepts, and audit reporting.

• Knowledge of HIPAA Security & Privacy Rule, Meaningful Use (MU), Generally Accepted Auditing Standards (GAAS), SAS-70, and/or SSAE-16 reports.

• Ability to complete work in accordance with IIA and ISACA standards including preparation of detailed work papers adequately supporting conclusions.

• Ability to effectively communicate concerns and recommendations both verbally and through written reports from staff to leadership level.  

• Soft skills such as multi-tasking, being a self-starter, prioritization, time management, project management, presentation, and interpersonal skills.

• Team player with a positive enthusiastic attitude and communication skills.

• Microsoft Excel, Word, PowerPoint, MS-Project and Visio skills.


KNOWLEDGE AND SKILLS PREFERRED:

• Sound knowledge of HITRUST framework and compliance standards is a plus.

• Ability to extract data by using SQL or query tools.

• Knowledge of identity & access management systems, or logical access controls.

• Knowledge of Payment Card Industry (PCI) standards and requirements.

• Knowledge of SOC2 Type 1 or 2, and/or SSAE18 reports.

• Knowledge of GRC or other compliance management tools.

• Knowledge of large enterprise systems and relevant technologies.


EDUCATION AND EXPERIENCE REQUIRED:

• Bachelor’s degree in Science / Information Systems, or an equivalent.

• 5 or more years of experience in IT risk assessments, audit, and/or compliance.

EDUCATION AND EXPERIENCE PREFERRED:

• Master's degree in computer science / information systems / cybersecurity or business administration.

• 2 or more years of experience in information security audit and compliance of large complex organizations.

• Experience in a healthcare environment is a plus.

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

• Certified Information Systems Auditor (CISA)

• Certified Internal Controls Auditor (CICA)

• Certified Information Systems Security Professional (CISSP)

• GIAC Systems and Network Auditor (GSNA)

About Us

About Adventist Health System

Who We Are

We are one of the largest faith-based health care providers in the United States. For 150 years, we have carried on a tradition of providing whole-person care that not only addresses patients' physical ailments, but also supports their emotional and spiritual well-being. We demonstrate the same level of compassion and care for our employees as well, doing all that we can to help them realize their full potential – both personally and professionally.

Who You Are

You are a compassionate, talented professional who wants to work in an environment where you can live out your faith and your values. You are excited about being part of a team that uses the latest technology and medical research to ensure patients receive quality care, but that also recognizes that great care is always personal. You enjoy going out of your way to make each patient and their family feel special, and are passionate about guiding them toward optimal health.

Our Community

Our community is global and so is our reach. From coordinating medical mission trips in Ethiopia to planting school gardens in Florida, we are constantly seeking ways to go beyond hospital walls in improving the health of our communities. As a member of our team, you will be encouraged to use your talents in fun, meaningful ways that bring joy and healing to people around the world.

Our Mission

Part of this worldwide network, Adventist Health System was founded in 1973 to support and strengthen the Seventh-day Adventist health care organizations in the Southern and Southwestern regions of the United States. Today it is a national leader in quality, safety and patient satisfaction, comprised of 46 hospital campuses and nearly 77,000 employees.

Although separated by geography, each of our facilities is united by the mission of Extending the Healing Ministry of Christ. Today we continue the tradition of whole-person care by practicing and sharing CREATION Health, a blueprint for living a healthy, happy life based on the principles given in the Bible’s creation story: Choice, Rest, Environment, Activity, Trust, Interpersonal relationships, Outlook and Nutrition.

We provide comprehensive benefits, training and advancement opportunities. We care for our employees as well as we care for our patients.