Information Security Specialist - Intermediate
at Adventist Health System

Date Posted: 3/4/2017

Job Description



Job: Information Technology

Organization: Adventist IT

Shift: Day

Job Posting: Aug 30, 2016, 12:42:17 PM

The Intermediate Information Security Specialist, as part of the risk management team, will safeguard information system assets by analyzing the security requirements of Adventist Health System (AHS), all of its entities, and their information systems to identify and resolve potential or actual security risks. This function will perform regular and ad-hoc risk assessments on implemented security controls and provide Employees, Medical staff, and Contingent users (EMC) with security awareness and training. It will also assist enterprise-wide audit and compliance activities whenever needed. Other key activities include reviewing and making recommendations on existing security policies and standards, ensuring procedures are implemented accordingly, and ensuring that security metrics are being measured to provide a snapshot of overall security governance for the organization.

The specialists in our team must analyze security requirements, measures, and concerns to help the business and operational teams develop effective strategies for mitigating security risks. This person should also have knowledge of industry best practices for supporting the security of information systems and related techniques in order to handle the confidentiality, integrity, and availability of sensitive information. An excellent understanding of current security regulations, standards, and protocols, up-to-date knowledge of security threats and risks, and related mitigation skills, along with project management experience, is highly desired.

Strong interpersonal and communication skills, critical thinking, and analytical and problem-solving skills are required to tackle unexpected challenges and come up with intelligent ways of providing security through standards and alternate compensating controls. He/she should be able to work well under pressure and independently, and also perform effectively in a team setting to achieve goals.

Limited travel, up to 25%.

PRINCIPAL DUTIES AND JOB RESPONSIBILITIES:

Responsibilities and essential job functions include but are not limited to the following:


• Develop an in-depth picture of the organization’s security posture through risk assessments, including but not limited to interviewing stakeholders, management and other executives; reviewing compliance with security policies and standards and documentation; and analyzing the security and governance infrastructure.
• Support workforce members at the highest levels in the implementation, monitoring, and maintenance of security policies, standards, and security corrective actions for achieving compliance across the organization, leveraging sound technical knowledge and security concepts.
• Perform risk assessments and risk analysis, and report on security controls enterprise-wide.
• Minimize security threats by examining governance, infrastructure, applications, systems, devices, and facilities to identify security weaknesses and areas for improvement.
• Present findings in a professional manner, recommending mitigations via new technology, alternative compensating controls, or policy modifications for improving overall security posture.
• Confirm compliance through periodic audits for determining security violations and inefficiencies.
• Support the security training and awareness program by providing ideas and content to the training teams as well as conducting presentations on hot security topics for the stakeholders, as needed.
• Engage and work with a variety of internal departments and external organizations, including but not limited to legal firms, law enforcement agencies, and all other levels of government.
• Analyze, respond to, and report on information security events as well as incidents.
• Participate in the routine administrative work of the corporate data security office (CDSO).

Job Requirements

KNOWLEDGE AND SKILLS REQUIRED:


• Knowledge of one or more of the following areas: HIPAA Security and Privacy Rule, Red Flag Rule, Family Education Rights and Privacy Act (FERPA), HITECH, Meaningful Use (MU), or an equivalent.
• Working knowledge of information security risk management and risk assessment methodologies.
• Well versed in project management procedures and concepts.
• Knowledgeable in two or more technical skills, such as IT infrastructure, operating systems, data centers, access controls, malware protection, security monitoring, physical security controls, etc.
• Understanding of logging, monitoring and auditing functions, and continuous improvement plans.
• Understanding of security risks due to joint ventures, acquisitions, contract management processes, and business impact analysis (BIA).
• Ability to work with 3rd party consultants as necessary.
• Soft skills, such as multi-tasking, being a self-starter, prioritizing, time management, decision making, teamwork, presentation, and verbal and written communication, along with strong interpersonal skills.
• Hands-on experience with the Microsoft suite of applications (Word, Excel, PowerPoint, Project, etc.).


KNOWLEDGE AND SKILLS PREFERRED:


• Strong background in IT, information security, and enterprise architecture.
• Ability to develop a comprehensive picture of an organization’s technology and information needs, and then assess/test the security structures and controls designed to protect them.
• Sound technical background in security requirements and standards (e.g., HITRUST, HITECH, NIST, ISO 27K, COBIT, or an equivalent).
• Comprehensive understanding of enterprise architecture designs related to data protection, healthcare applications, and cybersecurity.
• Thorough understanding of enterprise security systems (e.g., IDPS, SIEM), security threats and related risks, malware protection, virtual networks,
• Working knowledge of asset management, vulnerability management, access management, configuration management, encryption techniques, secure development lifecycle (SDLC), cloud security, and 3rd party security.
• Sound understanding of Payment Card Industry (PCI) standards and requirements.
• Knowledge of digital forensics, software programming, and web-based application security.
• Knowledge and skills in implementing privacy, audit, and compliance are a plus.
• Team player and a quick learner with strong communication and presentation skills.

EDUCATION

Bachelor's degree required

Master's preferred (Computer Sciences, CyberSecurity)

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:



• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Project Management Professional (PMP)



About Adventist Health System

Who We Are

We are one of the largest faith-based health care providers in the United States. For 150 years, we have carried on a tradition of providing whole-person care that not only addresses patients' physical ailments, but also supports their emotional and spiritual well-being. We demonstrate the same level of compassion and care for our employees as well, doing all that we can to help them realize their full potential – both personally and professionally.

Who You Are

You are a compassionate, talented professional who wants to work in an environment where you can live out your faith and your values. You are excited about being part of a team that uses the latest technology and medical research to ensure patients receive quality care, but who also recognize that great care is always personal. You enjoy going out of your way to make each patient and their family feel special, and are passionate about guiding them toward optimal health.

Our Community

Our community is global and so is our reach. From coordinating medical mission trips in Ethiopia to planting school gardens in Florida, we are constantly seeking ways to go beyond hospital walls in improving the health of our communities. As a member of our team, you will be encouraged to use your talents in fun, meaningful ways that bring joy and healing to people around the world.

Our Mission

Part of this worldwide network, Adventist Health System was founded in 1973 to support and strengthen the Seventh-day Adventist health care organizations in the Southern and Southwestern regions of the United States. Today it is a national leader in quality, safety and patient satisfaction, comprised of 46 hospital campuses and nearly 77,000 employees.

Although separated by geography, each of our facilities is united by the mission of Extending the Healing Ministry of Christ. Today we continue the tradition of whole-person care by practicing and sharing CREATION Health, a blueprint for living a healthy, happy life based on the principles given in the Bible’s creation story: Choice, Rest, Environment, Activity, Trust, Interpersonal relationships, Outlook and Nutrition.

We provide comprehensive benefits, training and advancement opportunities. We care for our employees as well as we care for our patients.