Information Security Specialist - Risk Mgt
at Adventist Health System

Date Posted: 8/1/2017

Job Description



Job:  Information Technology

Organization:  Adventist IT

Shift:  Day

Job Posting:  May 31, 2017, 9:58:38 AM

The Senior Information Security Specialist, as part of the risk management team, will safeguard information system assets by analyzing the security requirements of Adventist Health System (AHS), all of its entities, and their information systems to identify and solve potential and actual security issues. This function will perform regular and ad-hoc risk assessments and follow up on remediation activities to update the risk posture on implemented security controls. It will also provide Employees, Medical staff, and Contingent users (EMC) with security awareness and training. This position will also be responsible for assisting with designing, planning, implementing, and maintaining the security risk management program and related tools. Some of the other key activities include reviewing and recommending existing security policies, assessing that procedures are implemented in accordance with the security policy and standards, and assessing that security metrics are being measured to provide a snapshot of overall security governance and risk posture for the organization.

The specialists in our team must analyze security requirements, measures, and concerns to help the business and operational teams in developing effective strategies for mitigating security risks. This person should also have knowledge of industry best practices for supporting the security of information systems and related techniques in order to handle the confidentiality, integrity, and availability of sensitive information. Strong interpersonal and communication skills, critical thinking, and analytical and problem-solving skills are required to avoid a checkbox mentality and tackle unexpected challenges by coming up with intelligent ways of providing security through standards and alternate compensating controls. This specialist must have an excellent understanding of current security standards and protocols, up-to-date knowledge of security threats and risks, and related mitigation skills, along with project management experience.

He/she should be able to work well under pressure, independently, and also be able to perform effectively in a team setting to achieve organizational goals.




PRINCIPAL DUTIES AND JOB RESPONSIBILITIES:
Responsibilities and essential job functions include but are not limited to the following:
• Develop an in-depth picture of the organization’s security posture through risk assessments including but not limited to interviewing stakeholders, management and other executives, reviewing compliance with security policies and standards, documentation, following up on and validating remediation, and analyzing the security and governance infrastructure.
• Lead risk management program and report findings to upper management.
• Support workforce members at the highest levels in the implementation, remediation, monitoring, and maintenance of security policies, standards, and security corrective actions across the organization, leveraging sound technical knowledge and security concepts.
• Perform all types of risk assessments on security controls enterprise-wide.
• Minimize security threats by examining governance, infrastructure, applications, systems, devices, and facilities to identify security flaws, using risk analysis and following up on the corrective action plan.
• Present findings in a professional manner, recommending mitigations either via new technology, alternative compensating controls, or policy modifications for improving overall security posture.
• Support the security training and awareness program by providing ideas and content to the training teams as well as conducting presentations on hot security topics for the stakeholders, as needed.
• Engage and work with a variety of internal departments and external organizations, including but not limited to legal firms, law enforcement agencies, and all other levels of government.
• Participate in the routine administrative work of the corporate data security office (CDSO).

Job Requirements

KNOWLEDGE AND SKILLS REQUIRED:
• Knowledge of three or more of the following areas: HIPAA Security and Privacy Rule, Red Flags Rule, Healthcare IT Standards (HITSP), HITECH, Meaningful Use (MU), COBIT, PCI, and HITRUST.
• Working knowledge of information security risk management and risk assessment methodologies.
• Well versed in project management procedures and concepts.
• Must have a diverse set of technical skills, such as IT infrastructure, operating systems, data centers, access controls, cloud security, applications security, malware protection, security monitoring, physical security controls, etc.
• Skilled at logging, monitoring, and reporting key performance indicators (KPI) and development of continuous improvement plans.
• Ability to analyze and manage security risks due to joint ventures, acquisitions, contract management processes, and business impact analysis (BIA).
• Ability to negotiate and work with 3rd party consultants as necessary.
• Have soft skills, such as multi-tasking, self-starter, prioritization, time management, decision making, teamwork, presentation, communication and strong interpersonal skills.
• Microsoft suite of applications (Word, Excel, PowerPoint, Project, etc.).

KNOWLEDGE AND SKILLS PREFERRED:
• Strong background in IT, information security, and enterprise architecture.
• Ability to develop a comprehensive picture of an organization’s technology and information needs, and then assess the security structures and controls designed to protect them.
• Strong technical background in security requirements and standards (e.g., HITRUST, HITECH, NIST, ISO 27001/2, ITIL, and COBIT).
• Comprehensive understanding of enterprise architecture designs related to data protection, healthcare applications, and cybersecurity.
• Thorough understanding of enterprise security systems (e.g., firewalls, VPN, IDPS, SIEM), security threats and related risks, malware protection, and virtual networks.
• Working knowledge of asset management, pen-testing, vulnerability management, access management, configuration management, encryption techniques, secure development lifecycle (SDLC), cloud security, and 3rd party security.
• Sound understanding of Payment Card Industry (PCI) standards and requirements for PCI risk assessments.
• Knowledge of digital forensics, software programming, and application security.
• Knowledge and skills in implementing privacy, audit, and compliance are a plus.
• Team player and a quick learner with strong communication and presentation skills.


EDUCATION AND EXPERIENCE REQUIRED:

• Bachelor’s degree in Computer Science or Information Systems.
• 7 or more years of experience in risk assessments and risk-based information security programs.
• At least 3 years of experience with security frameworks (NIST, ISO, or HITRUST).

EDUCATION AND EXPERIENCE PREFERRED:
• Master’s degree in computer science, information systems/technology, cybersecurity, or business administration from an accredited university.
• 4 or more years of work experience in security risk management in the healthcare industry.


LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

• Certified Information Systems Security Professional (CISSP)

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

• Project Management Professional (PMP)
• In addition to CISSP, Certified Information Security Manager (CISM)
• In addition to CISSP, Certified in Risk and Information Systems Control (CRISC)

About Us

About Adventist Health System

Who We Are

We are one of the largest faith-based health care providers in the United States. For 150 years, we have carried on a tradition of providing whole-person care that not only addresses patients' physical ailments, but also supports their emotional and spiritual well-being. We demonstrate the same level of compassion and care for our employees as well, doing all that we can to help them realize their full potential – both personally and professionally.

Who You Are

You are a compassionate, talented professional who wants to work in an environment where you can live out your faith and your values. You are excited about being part of a team that uses the latest technology and medical research to ensure patients receive quality care, but who also recognize that great care is always personal. You enjoy going out of your way to make each patient and their family feel special, and are passionate about guiding them toward optimal health.

Our Community

Our community is global and so is our reach. From coordinating medical mission trips in Ethiopia to planting school gardens in Florida, we are constantly seeking ways to go beyond hospital walls in improving the health of our communities. As a member of our team, you will be encouraged to use your talents in fun, meaningful ways that bring joy and healing to people around the world.

Our Mission

Part of this worldwide network, Adventist Health System was founded in 1973 to support and strengthen the Seventh-day Adventist health care organizations in the Southern and Southwestern regions of the United States. Today it is a national leader in quality, safety and patient satisfaction, comprised of 46 hospital campuses and nearly 77,000 employees.

Although separated by geography, each of our facilities is united by the mission of Extending the Healing Ministry of Christ. Today we continue the tradition of whole-person care by practicing and sharing CREATION Health, a blueprint for living a healthy, happy life based on the principles given in the Bible’s creation story: Choice, Rest, Environment, Activity, Trust, Interpersonal relationships, Outlook and Nutrition.

We provide comprehensive benefits, training and advancement opportunities. We care for our employees as well as we care for our patients.