|Location||Altamonte Springs, FL|
|Date Posted||February 8, 2021|
IS Governance Specialist -Sr
AdventHealth Information Technology
Location Address: Orlando, FL
Top Reasons To Work At AdventHealth Corporate
- Great benefits
- Immediate Health Insurance Coverage
- Career growth and advancement potential
- Award-winning IT Department
Full-Time, Monday – Friday
You Will Be Responsible For:
- Contribute to the overall work activities of the Information Security Governance Team
- Stay current on industry trends, emerging risks, legal and regulatory changes, and participate in industry forums (ex. ISACA, ISSA, ISC2, HITRUST, etc..).
- Contribute to the creation and maintenance of policies, standards, and guidelines for the Information Security Department.
- Contribute to GRC activities in the compliance and risk management modules.
- Assist in the creation of reports and metrics on governance activities using the GRC solution and manually where necessary
- Conduct policy exception activities.
- Consult with information technology and solution owners on the interpretation and application of controls.
- Conduct internal and external audit activities for governance controls.
- Conduct network security reviews for governance controls.
- Cross-train with the manager of the Risk Assessment team and conduct hospital and other facility Risk Assessments both onsite and virtual.
KNOWLEDGE AND SKILLS REQUIRED:
- Experience working with the HITRUST Common Security Framework or similar framework
- Knowledge of the following areas: HIPAA Security and Privacy Rule, Red Flags Rule, Healthcare IT Standards (HITSP), NIST 800-53 and PCI.
- Knowledge of information technology and the application of information security controls in IT environments
- Knowledge of regulatory requirements and emerging trends and issues
- Understanding of enterprise security systems (e.g., Firewalls, VPN, IDPS, SIEM), security threats and related risks
- Demonstrated communication skills
- Ability to write, edit and maintain a large volume of professional documentation including policies and procedures in a high pressure and time sensitive document development cycle
- Knowledge with creation of metrics
- Experience working in a policy and procedure management solution(s) (e.g. PolicyMedical, NAVEX PolicyTech, PolicyStat)
- Experience working in a Governance, Risk and Compliance (GRC) solution(s) (e.g. Keylight, Archer, RSAM)
- Microsoft suite of applications (Word, Excel, PowerPoint, Visio etc.)
- Excellent written and verbal communication skills
- Have soft skills, such as multi-tasking, self-starter, prioritization, time management, teamwork, communication and strong interpersonal skills
- Team player and a quick learner with strong communication and presentation skills
KNOWLEDGE AND SKILLS PREFERRED:
- Strong background in IT, information security
- Ability to assess the organization’s information security needs and then design controls that align with an information security framework as well as the organizations IT and business goals
- Strong technical background in information security requirements and standards (e.g. HIPAA, HITRUST, HITECH, NIST, ISO 27001/2, ITIL, and PCI)
- 5 or more years experience maintaining information security controls in an IT environment
- Working knowledge of asset management, pen-testing, vulnerability management, access management, configuration management, encryption techniques, secure development lifecycle (SDLC), cloud security, and 3rd party security.
- Sound understanding of Payment Card Industry (PCI) standards and requirements
- Knowledge of digital forensics, software programming, and application security
EDUCATION AND EXPERIENCE REQUIRED:
- Bachelor’s degree in computer science, information systems, cyber security, a related field or an equivalent five years of related work experience
- Five or more years of experience in risk assessments and risk-based information security programs.
- At least five years of experience with information security frameworks (NIST, ISO, or HITRUST).
EDUCATION AND EXPERIENCE PREFERRED:
- Master’s in computer science, information systems/technology, cybersecurity or business administration from an accredited university.
- Three or more years of work experience in security risk management in healthcare industry.
LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:
- Certified Information Systems Auditor (CISA) and/or
Certified Information Systems Security Professional (CISSP) or willing to complete CISSP within 12 months
The Senior Information Security Specialist, as part of the risk management team, will safeguard information system assets by analyzing the security requirements of AdventHealth, all of its entities, and its information systems to identify and solve potential and actual security issues. This function will perform regular and ad-hoc risk assessments and follow up on remediation activities to update risk posture on implemented security controls. This position will also be responsible for assisting with designing, planning, implementing and maintaining the information security risk management program and related tools. Some of the other key activities include reviewing existing information security policies, ensuring that risk management procedures are implemented in accordance with information security policy and standards, and that security metrics are being measured to provide snapshot of overall information security governance and risk posture for the organization. Senior Information Security Specialists in our team must analyze security requirements, measures and concerns to help the business and operational teams in developing effective strategies for mitigating security risks. This person should also have the knowledge of industry best practices for supporting the security of information systems and related techniques in order to handle the confidentiality, integrity and availability of the sensitive information. Strong interpersonal and communication skills, critical-thinking, analytical and problem-solving skills are required to avoid checkbox mentality and tackle unexpected challenges by coming up with intelligent ways of providing information security through best practices and compensating controls. This specialist must have an excellent understanding of current security standards, protocols, up-to-date knowledge of security threats and risks, related mitigation skills along with project management experience. He/she should be able to work well under pressure, independently, and be seen as a leader when participating in a team setting to achieve organizational goals.
This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.