Information Security Specialist
at Adventist Health System

Date Posted: 8/6/2017

Job Description

Job:  Information Technology

Organization:  Adventist IT

Shift:  Day

Job Posting:  Jun 29, 2017, 7:15:54 AM

Information Security Specialist, as part of the information assurance team will safeguard information system assets by analyzing the security requirements of Adventist Health System (AHS), all its entities, and their information systems to identify potential or actual security compliance issues. This function will perform data security audit and compliance activities for assuring internal security controls, policies, processes, and procedures with respect to company and industry regulations. 


Responsibilities and essential job functions include but are not limited to the following:

• Contribute in developing and executing a comprehensive information security audit & compliance program and plans by scoping, reviewing, evaluating, and testing requirements for security controls and their effectiveness in meeting security compliance. 

• Examine records, reports, operating practices, and documentation by generating audit reports to ensure the integrity, confidentiality, and availability of information resources. Reviews may include assessments of administrative, physical and technical controls in place. 

• Communicate findings by preparing final report based on audit tests to the management.

• Assist internal/external auditors in their audits and/or special projects whenever needed.

• Communicate with auditees on requirements, testing, findings, remediation, tracking & reporting.

• Exercise professional judgment by evaluating information, making recommendations, and maintaining confidentiality of data per AHS policies, avoiding conflict of interests.

• Maintains a sound knowledge of information security controls, standards, and best practices related to information security and compliance with standards, laws, and regulations (e.g., HITRUST, PCI, HIPAA, etc.).

Job Requirements


• Understanding of Information security standards and frameworks (e.g., COBIT, ITIL, NIST, ISO), audit and compliance standards and/or other relevant regulation and guidelines (e.g., SOX, AICPA, PCAOB).

• Working background in IT, information security, applications, and/or data centers.

• Understanding of enterprise-wide information security controls and/or IT general controls (ITGC).

• Working knowledge of IT processes, procedures, testing concepts, and audit reporting.

• Knowledge of HIPAA Security & Privacy Rule, Meaningful Use (MU), Generally Accepted Auditing Standards (GAAS), SAS-70, and/or SSAE-16 reports.

• Ability to complete work in accordance with IIA and ISACA standards including preparation of detailed work papers adequately supporting conclusions.

• Ability to effectively communicate concerns and recommendations both verbally and through written reports from staff to leadership level.  

• Have soft skills, such as multi-tasking, self-starter, prioritization, time management, project management, presentation, and interpersonal skills.

• Team player with a positive enthusiastic attitude and communication skills.

• Microsoft Excel, Word, PowerPoint, MS-Project and Visio skills.


• Sound knowledge of HITRUST framework and compliance standards is a plus.

• Ability to extract data by using SQL or query tools.

• Knowledge of identity & access management systems, or logical access controls.

• Knowledge of Payment Card Industry (PCI) standards and requirements.

• Knowledge of SOC2 Type 1 or 2, and/or SSAE18 reports.

• Knowledge of GRC or other compliance management tools

• Knowledge of large enterprise systems and relevant technologies


• Bachelor’s degree in Science / Information Systems, or an equivalent.

• 5 or more years of experience in IT risk assessments, audit, and/or compliance.


• Masters in computer sciences / information systems / cybersecurity or business administration.

• 2 or more years of experience in information security audit and compliance of large complex organizations.

• Experience in a healthcare environment is a plus.


• Certified Information Systems Auditor (CISA)

• Certified Internal Controls Auditor (CICA)

• Certified Information Systems Security Professional (CISSP)

• GIAC Systems and Network Auditor (GSNA)

Job Snapshot

About Us

About Adventist Health System

Who We Are

We are one of the largest faith-based health care providers in the United States. For 150 years, we have carried on a tradition of providing whole-person care that not only addresses patients' physical ailments, but also supports their emotional and spiritual well-being. We demonstrate the same level of compassion and care for our employees as well, doing all that we can to help them realize their full potential – both personally and professionally.

Who You Are

You are a compassionate, talented professional who wants to work in an environment where you can live out your faith and your values. You are excited about being part of a team that uses the latest technology and medical research to ensure patients receive quality care, but who also recognize that great care is always personal. You enjoy going out of your way to make each patient and their family feel special, and are passionate about guiding them toward optimal health.

Our Community

Our community is global and so is our reach. From coordinating medical mission trips in Ethiopia to planting school gardens in Florida, we are constantly seeking ways to go beyond hospital walls in improving the health of our communities. As a member of our team, you will be encouraged to use your talents in fun, meaningful ways that bring joy and healing to people around the world.

Our Mission

Part of this worldwide network, Adventist Health System was founded in 1973 to support and strengthen the Seventh-day Adventist health care organizations in the Southern and Southwestern regions of the United States. Today it is a national leader in quality, safety and patient satisfaction, comprised of 46 hospital campuses and nearly 77,000 employees.

Although separated by geography, each of our facilities is united by the mission of Extending the Healing Ministry of Christ. Today we continue the tradition of whole-person care by practicing and sharing CREATION Health, a blueprint for living a healthy, happy life based on the principles given in the Bible’s creation story: Choice, Rest, Environment, Activity, Trust, Interpersonal relationships, Outlook and Nutrition.

We provide comprehensive benefits, training and advancement opportunities. We care for our employees as well as we care for our patients.