
Job Information

HCA Healthcare Senior Security Analyst in Henderson, Nevada

Salary Estimate: $88795.20 - $150592.00 / year

Learn more about the benefits offered (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards) for this job.

The estimate displayed represents the typical salary range of candidates hired. Factors that may be used to determine your actual salary may include your specific skills, how many years of experience you have and comparison to other employees already in this role. The typical candidate is hired below midpoint of the range.

Do you have the career opportunities as a(an) Senior Security Analyst you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare which is part of the nation's leading provider of healthcare services, HCA Healthcare.

Job Summary

IPS Field Security Analysts are responsible for performing a wide range of tasks that support the ongoing maturation of the IPS program, including: driving consistency and visibility of IPS risk management activities; working with business owners to protect patients and prevent data loss; and providing guidance and consultation to colleagues at every level to reduce or eliminate risky behaviors. They are responsible for helping workforce members appropriately comply with the company’s IPS requirements.

This role requires extensive focus on building and expanding relationships with key stakeholders who support IPS objectives and activities. IPS Field Security Analysts are tasked with the most complex work efforts, requiring them to leverage their IT, security, risk management and business experience to address IPS program deficiencies while meeting patient care and business needs.

The Security Analyst must have a combination of skills including written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.

Major Responsibilities:

Risk Management

  • Coordinate and perform risk assessments using corporate-provided tools and templates.

  • Work with local leaders to assess, submit and approve exceptions to IPS standards while working with them to implement controls to mitigate risk and remediate as able.

  • Drive and manage execution of corrective and risk treatment plans in concert with Cyber Issues Management to address deficiencies identified during risk assessments.

  • Assist the DISA in ensuring that designated committees (e.g., Security Committee, Ethics & Compliance Committee) receive, document, track, investigate, and sponsor remediation of security control deficiencies, suspected IPS incidents, and complaints. At the direction of the DISA, provide education and guidance to ensure these committees make informed, risk based decisions necessary to balance business needs and security objectives.

  • Work with Corporate IPS / Centralized Architect Team to identify appropriate security controls as part of the field intake process, and work with the IPS Field Security Engineer to provide assurance that the required security controls are implemented and working as designed.

  • Perform Security Risk Analysis (SRA) to validate that required security controls are in place in order to drive ongoing compliance with IPS policies, standards, and operational procedures.

  • Lead audit response activities to address IPS issues identified by Internal Audit, or external auditors (e.g., CMS HIPAA Security audits).

Issues Tracking and Resolution

  • Support, coordinate, and manage non-technical cyber security event/incident response investigation activities (i.e., Lost/Stolen Devices, Privacy RI, E&C).

  • Investigate information leaving the organization with appropriate leadership (i.e. Manager, ECO, HR, Legal) in support of Data Loss Prevention (DLP)

  • Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IPS issues are applied appropriately and consistently.

  • Perform follow-up education and consultation with workforce members exhibiting risky behaviors and/or behaviors that violate Company IPS policies and standards.

Execution

  • Provide ad hoc IPS guidance and consultation to all types and levels of workforce members and colleagues that balances business and security requirements

  • Educate ITG Colleagues on security policies and standards to help ensure compliance

  • Facilitate, and lead where appropriate, proactive IPS communication and awareness activities including coordinating with HR and training departments to ensure that periodic workforce training includes company required IPS content.

  • Coordinate development, documentation and testing of Disaster Recovery (DR) plans.

  • Assist the Division DISA in supporting and driving enterprise and division IPS projects and security efforts to a successful end and ensure that required processes are adopted and maintained.

  • Lead and coordinate implementation and adoption of technology and processes changes.

Vendor Systems Security

  • Collaborates with system business owners to ensure vendor contracts are in place for department and IT systems and services.

  • Work with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure specific systems, services, and devices receive proper security assessments and remediation.

  • Work with business, purchasing, and IT stakeholders to ensure proper controls are in place for existing vendor maintained solutions.

  • Work with system business owners and vendors to document system vulnerabilities and document mitigation controls or remediation actions.

  • Ensure vendor systems use approved connectivity, remote management and monitoring.

Education & Experience:

  • Bachelor's degree and 5+ years of experience in a relevant field Required, or

  • High School Graduate/Equivalent and 14+ years of experience in a relevant field Required

  • 3+ years of experience in security risk management, information security domains, and/or hospital operations Preferred

  • Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices. Required

  • Exposure to management and/or operations in healthcare business or IT functional areas. Required

  • Experience in some combination of audit, risk management, information security, privacy, and information technology. Required

  • Knowledge of information security regulations (HIPAA Privacy/Security, Sarbanes-Oxley IT controls, Payment Card Industry (PCI)) Required

  • Possesses the ability to build and maintain positive team relationships at all levels of the facility, market, and corporate levels. Required

Licenses, Certifications, & Training:

  • CISSP, CISA, CISM, SEC+, CRISC, SSCP, or other relevant certifications in information security and cyber risk management. Preferred

Additional Information

  • The job may require up to 25% travel. (Locally within the Division)

  • Must be located in or willing to relocate to the Greater Area of Henderson, NV

  • This is an in-office role when not traveling

Benefits

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

  • Comprehensive benefits for medical, prescription drug, dental, vision, behavioral health and telemedicine services

  • Wellbeing support, including free counseling and referral services

  • Time away from work programs for paid time off, paid family leave, long- and short-term disability coverage and leaves of absence

  • Savings and retirement resources, including a 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service), Employee Stock Purchase Plan, flexible spending accounts, preferred banking partnerships, retirement readiness tools, rollover support and financial wellbeing counseling

  • Education support through tuition assistance, student loan assistance, certification support, dependent scholarships and a partnership with Galen College of Nursing

  • Additional benefits for fertility and family building, adoption assistance, life insurance, supplemental health protection plans, auto and home insurance, legal counseling, identity theft protection and consumer discounts

Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)

Note: Eligibility for benefits may vary by location.

HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"Bricks and mortar do not make a hospital. People do."- Dr. Thomas Frist, Sr.

HCA Healthcare Co-Founder

If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Senior Security Analyst opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
