InfoSec Risk Mgmt Specialist - Sr

Altamonte Springs, Florida


Employer: AdventHealth
Industry: Information Systems
Salary: Competitive
Job type: Full-Time

All the benefits and perks you need for you and your family:

- Benefits from Day One

- Paid Days Off from Day One

- Student Loan Repayment Program

- Career Development

- Whole Person Wellbeing Resources

- Mental Health Resources and Support

Our promise to you:

Joining AdventHealth is about being part of something bigger. It's about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.

Schedule: Full Time

The role you'll contribute:

The Senior Information Security Specialist, as part of the risk management team, will safeguard information system assets by analyzing the security requirements of AdventHealth, all of its entities, and its information systems to identify and solve potential and actual security issues. This function will perform regular and ad-hoc risk assessments and follow up on remediation activities to update risk posture on implemented security controls. This position will also be responsible for assisting with designing, planning, implementing and maintaining the information security risk management program and related tools. Some of the other key activities include reviewing existing information security policies, ensuring that risk management procedures are implemented in accordance with information security policy and standards, and that security metrics are being measured to provide a snapshot of overall information security governance and risk posture for the organization. Senior Information Security Specialists in our team must analyze security requirements, measures and concerns to help the business and operational teams in developing effective strategies for mitigating security risks. This person should also have knowledge of industry best practices for supporting the security of information systems and related techniques in order to handle the confidentiality, integrity and availability of the sensitive information. Strong interpersonal and communication skills, critical-thinking, analytical and problem-solving skills are required to avoid checkbox mentality and tackle unexpected challenges by coming up with intelligent ways of providing information security through best practices and compensating controls. This specialist must have an excellent understanding of current security standards, protocols, up-to-date knowledge of security threats and risks, related mitigation skills along with project management experience.
He/she should be able to work well under pressure, independently, and be seen as a leader when participating in a team setting to achieve organizational goals.

The value you'll bring to the team:

• Develop an in-depth picture of the organization's information security posture through risk assessments including but not limited to interviewing stakeholders, management and other executives, reviewing compliance with security policies and standards, documentation, following up on and validating remediation, and analyzing the security and governance infrastructure.

• Lead risk management program activities and report findings to upper management.

• Perform risk assessments, risk analysis and report on security controls enterprise-wide.

• Document all risk management work consistently using department developed best practices and an enterprise Governance, Risk and Compliance (GRC) solution.

• Support AHS workforce members at the highest levels in the implementation, remediation, monitoring, and maintenance of information security policies, standards and security corrective actions across the organization, leveraging sound technical knowledge and information security concepts.

• Minimize information security threats by examining governance, infrastructure, applications, systems, devices and facilities to identify security flaws, using risk analysis and following up on the corrective action plan.

• Present findings in a professional manner, recommending corrective actions, mitigations either via new technology, alternative compensating controls or policy modifications for improving overall security posture.

• Support the information security training and awareness program by providing ideas and content to the training teams as well as conducting presentations on hot security topics for the stakeholders, as needed.

• Engage and work with a variety of internal departments and external organizations, including but not limited to legal firms, law enforcement agencies and all other levels of government.

• Participate in the routine administrative work of the information security department.

Qualifications
The expertise and experiences you'll need to succeed:

KNOWLEDGE AND SKILLS REQUIRED:

• Knowledge of three or more of the following areas: HIPAA Security and Privacy Rule, Red Flags Rule, Healthcare IT Standards (HITSP), HITECH, Meaningful Use (MU), COBIT, PCI, and HITRUST.

• Working knowledge of information security risk management and risk assessment methodologies.

• Well versed in project management procedures and concepts.

• Knowledge of infrastructure and clinical applications commonly found in a large healthcare system.

• Skilled at logging, monitoring, and reporting key performance indicators (KPI) and development of continuous improvement plans.

• Ability to analyze and manage security risks due to joint ventures, acquisitions, contract management processes, and business impact analysis (BIA).

• Ability to negotiate and work with third-party consultants as necessary.

• Have soft skills, such as multi-tasking, self-starter, prioritization, time management, decision making, teamwork, presentation, communication and strong interpersonal skills.

• Microsoft suite of applications (Word, Excel, PowerPoint, Project, etc.).

KNOWLEDGE AND SKILLS PREFERRED:

• Strong background in IT, information security, and enterprise architecture.

• Ability to develop a comprehensive picture of an organization's technology and information needs, and then assess the security structures and controls designed to protect them.

• Strong technical background in information security requirements and standards (e.g., HITRUST, HITECH, NIST, ISO 27001/2, ITIL, and COBIT).

• Comprehensive understanding of enterprise architecture designs related to data protection, healthcare applications, and cybersecurity.

• Understanding of enterprise security systems (e.g., Firewalls, VPN, IDPS, SIEM), security threats and related risks, malware protection, and virtual networks.

• Working knowledge of asset management, pen-testing, vulnerability management, access management, configuration management, encryption techniques, secure development lifecycle (SDLC), cloud security, and third-party security.

• Sound understanding of Payment Card Industry (PCI) standards and requirements for PCI risk assessments.

• Knowledge of digital forensics, software programming and application security.

• Knowledge and skills in implementing privacy, audit and compliance.

• Team player and a quick learner with strong communication and presentation skills.

EDUCATION AND EXPERIENCE REQUIRED:

• Bachelor's degree in computer science, information systems, cyber security, a related field or an equivalent five years of related work experience.

• Five or more years of experience in risk assessments and risk-based information security programs.

• At least five years of experience with information security frameworks (NIST, ISO, or HITRUST).

EDUCATION AND EXPERIENCE PREFERRED:

• Master's in computer science, information systems/technology, cybersecurity or business administration from an accredited university.

• Three or more years of work experience in security risk management in the healthcare industry.

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

• Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) or willing to complete CISSP within 12 months

Created: 2024-09-12
Reference: 24030209
Country: United States
State: Florida
City: Altamonte Springs


