Information Security Specialist - Intermediate
at Adventist Health System

Date Posted: 7/25/2017

Job Description



Job:  Information Technology

Organization:  Adventist IT

Shift:  Day

Job Posting:  Jul 24, 2017, 2:28:31 PM

A secure and reliable security infrastructure is required in order to ensure the protection of Adventist Health System data assets, Protected Health Information and all forms of personal identity information. The Information Technology Security Engineer will support the implementation, configuration and all subsequent modifications to all targeted enterprise applications, while ensuring adequate security and control measures. 

The Information Technology Security Engineer is a position within the IT organization that works with security analysts, IT management, IT security and system engineers at all levels of the organization. Key responsibilities include the development and application of system account administration process improvements, standardized security build, data analysis and reporting, proper testing and change control techniques, structured troubleshooting techniques. The Information Technology Security Engineer will lead Corporate IT projects or project tasks in accordance with organizational security goals and objectives.

The Information Technology Security Engineer is expected to be a visible internal spokesperson for application security and controls, charged with gaining widespread support of and compliance with application security requirements. This position will execute all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. 
 
The Engineer will work to resolve problems and keep management apprised of problem issues and resolution. This individual will embrace the mission of Adventist Health Systems, demonstrating outstanding leadership, approachability, integrity and mentoring skills. The analyst will be able to facilitate discussions, which may involve conflict, while maintaining composure. The Engineer should actively seek to maintain industry recognized security concepts, guidelines, and regulatory requirements and where these should be applied within the organization.

PRINCIPAL DUTIES AND JOB RESPONSIBILITIES:
• Identification and evaluation of complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
• Design, develop, and implement security and account data management for enterprise applications.
• Must have development skills to implement changes relating to enterprise security applications.
• Responsible for managing projects utilizing the full system development lifecycle.
• Lead implementation meetings, workshops, and create training materials.
• Engage vendors to customize software based on the needs of the organization.
• Development experience and familiarity with scripting languages such as: PowerShell, Visual Basic, XSLT, Perl, Batch Files, AutoIT Scripts.
• Ability to utilize industry support tools to support security building, auditing, reporting and support processes. (Excel, PowerPoint, CCL/SQL, Crystal Reports, etc.)
• Ability to apply best practice in troubleshooting, testing techniques, and quality assurance.
• Strong knowledge of information security systems including LDAP, Encryption Protocols, SSL, Certificates.
• Understanding of relational data modeling, data warehousing standards and schema, communications protocols such as HTTP, TCP/IP, FTP, and Firewall.
• Experienced with large and complex systems having multi-layered architectures and use of Software Development Lifecycle methodology.
• Excels in a fast paced environment, able to handle rapidly changing requirements, and perform under tight timelines.
• Must be a fast learner with a commitment to personal growth in the domain of Information Security.
• Proven experience in partnering with vendors in software development and customization.
• Expertise in access control design and development.
• Expertise in application risk assessment and reporting of application design limitations and/or vulnerabilities.
• Can travel occasionally as needed to support project implementation and support as needed.

Job Requirements

KNOWLEDGE AND SKILLS REQUIRED:

• Experience in conducting technical auditing to determine root cause analysis of security-related events, policy and/or regulatory violations.
• Expertise in knowledge of healthcare or clinical physician practices is recommended.
• Industry-recognized security certification. (Security +, CISA, CISSP or other)
• Knowledge of industry recognized security concepts, regulatory agencies, and security best practice.
• Demonstrated ability to work with Business and IS stakeholders to develop enterprise-level design assurance meeting the business needs.
• Proven competence to independently champion architecture principles with business owners, application owners, and technology partners.
• Understanding of key InfoSec concepts, regulation & frameworks (i.e. ARRA/HITECH, HIPAA, PCI, Red Flag, SOX, Safe Harbor, NIST, ISO).
• Experience or certification in Microsoft operating systems and Office suite.
• Strong interpersonal skills with a positive and enthusiastic “can do” attitude.
• Must be self-motivated, responsible, conscientious, and detail-oriented and possess a passion for excellence.
• Quick learner who can master system design with little or no documentation. Continuous learning of new systems, business processes & concepts.
• Proven experience in mentoring and communicating with people of varying levels of technical competencies. Must be able to communicate highly technical information in a non-technical format.
• Must possess strong interpersonal, verbal and written communication skills and have experience and willingness to teach/mentor others.
• Skilled in creating, training and utilizing reporting tools and methods to support requirements for auditing, analysis, data reporting, etc.
• Excellent project management, change management, process management, time management and organizational skills. Ability to lead and implement large and complex projects within approved budget and timelines. This will include all aspects such as facilitation of user meetings, business analysis, project planning, training, and implementation. Must have proven ability to estimate level of effort, duration, and anticipate and communicate multiple priorities.
• Aptitude to present security models, regulatory and compliance directives, policies, standards, industry best practice and application security architecture in a clear and engaging way.

PREFERRED KNOWLEDGE AND SKILLS:

EDUCATION AND EXPERIENCE REQUIRED:
• Bachelor's Degree in Computer Science, Engineering, Information Systems or related area.
• 3+ years of experience in writing and analyzing a complex form of SQL (CCL, PL/SQL, SQL MSSQL, MySQL).
• 3+ years Software design and architecture experience in ERP, Identity Management, Cerner EMR and/or other major enterprise system.
• 2+ years Active Directory administration, build and/or design experience.
• 3-5 years of experience in Meeting with customers and vendors to gather product requirements.
• 3-5 years of experience in application security administration.
• 1+ years of object-oriented programming training and/or experience (Java, C++ or similar).

Job Snapshot

About Us

About Adventist Health System

Who We Are

We are one of the largest faith-based health care providers in the United States. For 150 years, we have carried on a tradition of providing whole-person care that not only addresses patients' physical ailments, but also supports their emotional and spiritual well-being. We demonstrate the same level of compassion and care for our employees as well, doing all that we can to help them realize their full potential – both personally and professionally.

Who You Are

You are a compassionate, talented professional who wants to work in an environment where you can live out your faith and your values. You are excited about being part of a team that uses the latest technology and medical research to ensure patients receive quality care, but who also recognize that great care is always personal. You enjoy going out of your way to make each patient and their family feel special, and are passionate about guiding them toward optimal health.

Our Community

Our community is global and so is our reach. From coordinating medical mission trips in Ethiopia to planting school gardens in Florida, we are constantly seeking ways to go beyond hospital walls in improving the health of our communities. As a member of our team, you will be encouraged to use your talents in fun, meaningful ways that bring joy and healing to people around the world.

Our Mission

Part of this worldwide network, Adventist Health System was founded in 1973 to support and strengthen the Seventh-day Adventist health care organizations in the Southern and Southwestern regions of the United States. Today it is a national leader in quality, safety and patient satisfaction, comprised of 46 hospital campuses and nearly 77,000 employees.

Although separated by geography, each of our facilities is united by the mission of Extending the Healing Ministry of Christ. Today we continue the tradition of whole-person care by practicing and sharing CREATION Health, a blueprint for living a healthy, happy life based on the principles given in the Bible’s creation story: Choice, Rest, Environment, Activity, Trust, Interpersonal relationships, Outlook and Nutrition.

We provide comprehensive benefits, training and advancement opportunities. We care for our employees as well as we care for our patients.