Security Controls Engineer

February 12, 2025

Job Description

HCA Healthcare

Location: Nashville, TN, United States
Facility: HCA Healthcare
Shift: Days (No Weekends)
Employment Type: Full-time

Position Description

Description

Introduction

Do you have the career opportunities as a Security Controls Engineer you
want with your current employer? We have an exciting opportunity for you to
join HCA Healthcare, which is part of the nation’s leading provider of
healthcare services, HCA Healthcare.

Benefits

HCA Healthcare offers a total rewards package that supports the health, life,
career and retirement of our colleagues. The available plans and programs
include:

  • Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
  • Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
  • Free counseling services and resources for emotional, physical and financial wellbeing
  • 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
  • Employee Stock Purchase Plan with 10% off HCA Healthcare stock
  • Family support through fertility and family building benefits with Progyny and adoption assistance.
  • Referral services for child, elder and pet care, home and auto repair, event planning and more
  • Consumer discounts through Abenity and Consumer Discounts
  • Retirement readiness, rollover assistance services and preferred banking partnerships
  • Education assistance (tuition, student loan, certification support, dependent scholarships)
  • Colleague recognition program
  • Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
  • Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

_Note: Eligibility for benefits may vary by location._

Our teams are a committed, caring group of colleagues. Do you want to work as
a Security Controls Engineer where your passion for creating positive
patient interactions is valued? If you are dedicated to caring for the
well-being of others, this could be your next opportunity. We want your knowledge
and expertise!

Job Summary

The Security Controls Engineer is a technology and process focused security
professional with an emphasis in information security controls, risk
assessment, regulatory compliance, and security consultation. Applies
information security concepts, knowledge, and skills to support a
comprehensive information protection program. The Security Controls Engineer
evaluates and monitors the current state of security controls across the
organization related to people, process, and technology as well as with 3rd
party vendors external to the organization.

General Responsibilities

  • Assists in the collection of the top and most pressing IT security risks (regulatory, security of critical enterprise applications and infrastructure, vendors, etc.); analyzes, monitors, and derives strategic decisions that balance risk with operational and economic costs of protective measures.
  • Assists in interviews with company senior management and business owners to confirm anticipated business effects resulting from the actual occurrence of any of the identified enterprise security risks.
  • Leverages inventory of key vendors, applications, processes, and infrastructure items and their impact to the top and most pressing IT security risks. Additionally, maps applications, processes, and infrastructure items to appropriate security risks.
  • Assists in activities to identify key controls (policy, procedure, practice, or organizational structure) that if implemented would provide reasonable assurance that security objectives will be achieved and undesired events will be prevented or detected and corrected
  • Assists in activities to review, develop, and implement security controls plans, vendor security agreements, and security exceptions to control standards.
  • Assists in activities to conduct technical security reviews and assessments of vendors, applications, processes, and IT infrastructure.
  • Assists in activities related to the analysis of data collected during security reviews and assessment of vendors, applications, processes, and IT infrastructure in order to determine current states of security risk across the company.
  • Assists in activities to develop remediation plans to address issues discovered as results of security reviews and/or assessments of vendors, applications, processes, and IT infrastructure. Works with management to assign remediation responsibilities, actions, and priorities.
  • Assists in activities to monitor and track remediation activities to address weaknesses and issues discovered through security reviews or audits of vendors, applications, processes, and IT infrastructure.
  • Assists in activities to develop strategies to ensure compliance with security standards as well as regulatory and audit issues.
  • Assists in activities to provide periodic reporting including assessment findings and recommendations for improvement to applicable constituencies (e.g. executive management, facility leadership, and governance committee).
  • Assists in identifying security related regulatory requirements (i.e. PCI-DSS, SOX, HIPAA), and interacts with internal and external assessors and auditors to ensure ongoing compliance.

Experience & Education

  • Bachelor's degree in a related field preferred
  • 1+ years of relevant work experience required

Other/Special Qualifications
Certifications (preferred, not required):

  • CISSP Certified Information Systems Security Professional
  • GSEC GIAC Security Essentials Certified
  • CISA Certified Information Systems Auditor
  • PCIP PCI Professional Training
  • HCISPP Healthcare Information Security and Privacy Practitioner

Preferred areas of experience:

  • Security Technologies / Methodologies
  • IT Audit/Risk Management
  • Information Security Metrics and Reporting
  • Systems Control Review Process
  • Application/Infrastructure Control Review Process
  • Working knowledge of the COSO and COBIT methodologies
  • Experience with ISO27001, HIPAA, Sarbanes-Oxley, PCI-DSS
  • Experience with IT risk, regulatory, or compliance responsibilities

Additional Information

  • Must live in/near Greater Nashville, TN Area or be willing to relocate to the area.
  • Occasional travel may be required

> “Bricks and mortar do not make a hospital. People do.” - Dr. Thomas Frist,
> Sr.
> HCA Healthcare Co-Founder

If you are looking for an opportunity that provides satisfaction and personal
growth, we encourage you to apply for our Security Controls Engineer opening.
We promptly review all applications. Highly qualified candidates will be
contacted for interviews. Unlock the possibilities and apply today!

We are an equal opportunity employer and value diversity at our company. We do
not discriminate on the basis of race, religion, color, national origin,
gender, sexual orientation, age, marital status, veteran status, or disability
status.