Consulting Facility Information Security Official

Introduction

Do you have the career opportunities as a(an) Consulting Facility Information
Security Official you want with your current employer? We have an exciting
opportunity for you to join HCA Healthcare which is part of the nation’s
leading provider of healthcare services, HCA Healthcare.

Benefits

HCA Healthcare, offers a total rewards package that supports the health, life,
career and retirement of our colleagues. The available plans and programs
include:

• Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
• Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
• Free counseling services and resources for emotional, physical and financial wellbeing
• 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
• Employee Stock Purchase Plan with 10% off HCA Healthcare stock
• Family support through fertility and family building benefits with Progyny and adoption assistance.
• Referral services for child, elder and pet care, home and auto repair, event planning and more
• Consumer discounts through Abenity and Consumer Discounts
• Retirement readiness, rollover assistance services and preferred banking partnerships
• Education assistance (tuition, student loan, certification support, dependent scholarships)
• Colleague recognition program
• Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
• Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Learn more about Employee Benefits
_Note: Eligibility for benefits may vary by location._
Our teams are a committed, caring group of colleagues. Do you want to work as
a(an) Consulting Facility Information Security Official where your passion for
creating positive patient interactions is valued? If you are dedicated to
caring for the well-being of others, this could be your next opportunity. We
want your knowledge and expertise!
Job Summary
The Consulting Zone Facility Information Security Official (ZFISO) is
responsible for leading, driving, and, in some cases, implementing Information
Protection & Security (IPS) activities. He or she serves as a liaison between
local leadership, corporate SMEs, and IPS leadership. Consulting ZFISOs
operate independently with minimal supervision from the DISA and provide
mentoring to less-experienced ZFISOs.
Consulting ZFISOs are responsible for leading the ongoing maturation of the
IPS Program, including: driving consistency and visibility of IPS risk
management activities; working with business owners to protect patients and
prevent data loss; and rounding with leadership to reduce or eliminate risky
behaviors. This role is responsible for helping workforce members
appropriately comply with the company’s IPS requirements.
Consulting ZFISOs are tasked with the most complex work efforts, requiring
them to leverage their IT, security, and business experience to address IPS
program deficiencies while meeting patient care and business needs.
This role requires extensive focus on building and expanding relationships
with key stakeholders such as leadership; workforce members; physicians; IT
teams; business owners; vendors; and other people and entities who support IPS
objectives and activities.
Major Responsibilities:

Risk Management

• Coordinate and perform risk assessments using corporate-provided tools and templates.
• Drive and manage execution of corrective action plans to address deficiencies identified during risk assessments.
• Ensure the designated committee (e.g., Facility Security Committee, Facility Ethics & Compliance Committee) receives, documents, tracks, investigates, and sponsors remediation of security control deficiencies, suspected IPS incidents, and complaints. Provide education and guidance to ensure these committees make informed, risk-based decisions necessary to balance business needs and security objectives.
• Represent IPS needs in strategic planning, budgeting, and work prioritization processes.
• Drive ongoing compliance with IPS policies, standards, and operational procedures.
• Work with leaders to submit and approve exceptions to IPS standards.
• Lead audit response activities to address IPS issues identified by Internal Audit or external auditors (e.g., CMS HIPAA Security audits).

Issues Tracking and Resolution

• Support, coordinate, and manage incident response and investigation activities.
• Investigate information leaving the organization with appropriate leadership (i.e. Manager, ECO, HR, Legal)
• Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IPS issues are applied appropriately and consistently.
• Perform follow-up education and consultation with workforce members with risky behaviors and/or behaviors that violate Company policies and standards.

Execution

• Round to build and strengthen relationships with workforce members at all levels and to educate staff on how to reduce or eliminate risky behaviors.
• Facilitate, and lead where appropriate, proactive IPS communication and awareness activities, including coordinating with HR and training departments to ensure that periodic workforce training includes company-required IPS content.
• Assist with and manage the review and approval of user requests for high-risk access.
• Assist the IPS Director in driving key elements in the enterprise and division IS programs to ensure that required processes are adopted and maintained.
• Lead and coordinate implementation and adoption of technology and processes changes.

Vendor Systems Security

• Collaborates with system business owners to ensure vendor contracts are in place for department IT systems and services.
• Work with appropriate business leadership and supply chain to help ensure specific systems, services, and devices receive proper assessments and remediation.
• Work with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure systems, services, and devices receive proper security assessments and remediation.
• Work with system business owners and vendors to document system vulnerabilities and document mitigation controls or remediation actions.
• Ensure vendor systems use approved connectivity, remote management and monitoring.

Knowledge, Skills, Abilities, Behaviors:

• Significant experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices. Required
• Experience in management and/or operations in a number of healthcare business or IT functional areas. Required
• Significant experience in some combination of audit, risk management, information security, privacy, and information technology. Required
• Significant experience with information security regulations (HIPAA Privacy/Security, Sarbanes-Oxley IT controls, Payment Card Industry (PCI)) and applying these to identify appropriate controls necessary to maintain compliance Required
• Demonstrated experience in building and maintaining positive team relationships at all levels of the facility, market, and corporate levels. Required
• Possesses confident leadership skills: decisiveness, assertiveness, with the ability to achieve results quickly. Required
• Demonstrates a high degree of initiative, dependability, and the ability to work independently. Required
• Possesses a sense of responsibility and accountability – someone who takes ownership and initiative. Required
• Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity. Required
• Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions. Required
• Maintains professional demeanor, appearance, and positive attitude. Required
• Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities. Required

Education & Experience:

• Bachelor’s degree and 7+ years of experience in a relevant field Required

OR

• High School Graduate/Equivalent and 14+ years of experience in a relevant field Required
• Master’s degree Preferred

Licenses, Certifications, & Training:

• CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy

Additional Information:

• Occasional Travel
• Hybrid Position

We are comprised of affiliated hospitals, physician practices and other sites
of care across the United States and United Kingdom. The Sarah Cannon Cancer
Network is transforming cancer care through integrated services and cutting-
edge technologies. Our physicians can develop leading oncology programs to
advance science and patient care. Providing physician-led patient care offers
our doctors access to a national network of experts. This is where
multidisciplinary teams come together with a goal of delivering seamlessly
coordinated, quality cancer care. Through a united network of globally
recognized oncology specialists, we collaborate and share best practices. We
address each aspect of the cancer journey, from screening and diagnosis
through treatment and survivorship, to advance our shared mission: Above all
else, we are committed to the care and improvement of human life.
HCA Healthcare has been recognized as one of the World’s Most Ethical
Companies® by the Ethisphere Institute more than ten times. In recent years,
HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of
charitable care, uninsured discounts, and other uncompensated expenses.
> “Bricks and mortar do not make a hospital. People do.”- Dr. Thomas Frist,
> Sr.
> HCA Healthcare Co-Founder
If you are looking for an opportunity that provides satisfaction and personal
growth, we encourage you to apply for our Consulting Facility Information
Security Official opening. We promptly review all applications. Highly
qualified candidates will be contacted for interviews. Unlock the
possibilities and apply today!
We are an equal opportunity employer and value diversity at our company. We do
not discriminate on the basis of race, religion, color, national origin,
gender, sexual orientation, age, marital status, veteran status, or disability
status.
Apply