#CYBER282819

Cyber Security Specialist - Business Advisor (Remote)

2023-12-14
  • Location: FRANKLIN, TN (CHS Corporate)
  • Full Time
  • Department: Cyber Security Risk Mgmt
  • Field: Information Technology

Job Description

Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 44 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 78 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.

Summary:

The Business Information Security Office within the Cyber Risk Management (CSRM) organization drives the implementation and translation of enterprise security requirements, policies and procedures.  The role fosters relationships and delivers cyber security solutions to business partners through a deep understanding of CHS clinical operations, various supporting technologies, and CSRM capabilities and services.

The Cyber Security Specialist serves as an expert in multiple aspects of cyber security risk management. Undertakes complex projects requiring additional specialized technical and/or business knowledge. Makes well-thought-out decisions on complex or ambiguous information risk management issues. Provides mitigation solution oversight and direction for enterprise-wide risk technology. Ensures high-level integration of applications and business processes with information risk management policies and strategies.

Identifies, evaluates, conducts, schedules and leads analysis functions to ensure all applicable Cyber Security Risk Management requirements are met. Provides analysis of requirements necessary to ensure the confidentiality, availability and integrity of information where it is processed, stored, or transmitted by the business and IT systems while balancing performance and cost factors calculated into solutions/recommendations.

This person must be able to clearly articulate and discuss identified cyber business risks and various options for mitigation, and communicate the risks and solutions to project teams, business partners and IT staff.

Essential Duties and Responsibilities:

  • Strong knowledge of cybersecurity principles, technologies, frameworks, and industry standards. Serves as a technical expert in one or more aspects of information risk for a business segment or function to ensure the protection of information processed, stored or transmitted and availability of business processes. A qualified candidate understands the principles of:
    • Networking/distributed computing environment concepts.
    • Complex domain structures, user authentication mechanisms and cryptography.
    • Intrusion detection and data correlation.
    • Network topology and the underlying OSI model.
    • Client/server configuration.
    • Enterprise risk management frameworks and principles.
  • Serves as an expert in the planning, engineering, development, implementation and administration of information systems through the use of controls, procedures, measurements and strategies to prevent unauthorized access, modification, disclosure, misuse, manipulation, or destruction of systems, networks, applications and data.
  • Demonstrated ability to collaborate effectively with cross-functional teams and build relationships with internal and external stakeholders.  Provides technical consulting towards the development and implementation of information risk strategies in alignment with their respective business unit and IT initiatives.  
  • Excellent knowledge of security technology and strong analytical skills. Consults on one or more highly specialized phases of information risk management which may include hardware/software testing and evaluation, information risk education and awareness, incident response, policy and standards development, risk assessment and mitigation strategies.
  • Assists in the establishment of the overall framework for the protection of Community Health Systems information assets through architecture, policies, standards, risk assessments, monitoring, certification and technology. 
  • Assesses the most complex business processes and/or IT systems to ensure operation in accordance with information risk management requirements.  Defines and implements information risk management requirements in alignment with the overall business plan.
  • Provides mitigation solution oversight and direction for enterprise-wide information risk management technology. Assists in long-term strategic planning activities for the development and implementation of IS risk architecture and technology guidelines.
  • Undertakes complex information risk projects that involve multiple disciplines and may impact multiple business units. Responsible for the selection, direction and performance of information risk management projects. Responsible for change management, configuration management, performance analysis, physical planning, national vendor management, inventory control, technical standards, procedures, and product evaluations.
  • Acts as a source of direction, training, and guidance for less experienced staff.  Monitors project schedules and costs.
  • Strong project management and organizational skills to handle multiple initiatives simultaneously and meet deadlines.
  • Exceptional communication and presentation skills, with the ability to engage diverse audiences.
  • Excellent writing and editing skills, with the ability to distill complex technical concepts into clear and compelling content.
  • Strategic mindset with the ability to think creatively and generate innovative ideas.  Experience in analyzing existing processes, identifying inefficiencies, and developing strategies to streamline operations.  Proficient in conducting process assessments, data analysis, and root cause analysis to identify areas for improvement.
  • Performs other duties as assigned.

Qualifications:

  • Bachelor’s or master’s degree in Computer Science, Information Systems, or other related fields preferred.

Required Experience:

  • Five to eight years of progressive work experience in information security and/or information systems audit. 
  • Must have proven knowledge in information risk components, principles, procedures and practices.
  • Excellent written and verbal communication skills. Must be able to effectively communicate technical concepts to a non-technical audience.
  • Must have demonstrated knowledge in information controls and audit methodology for business systems and data processing environments. 
  • Must have a broad knowledge in information technology and risk trends. 
  • Must have demonstrated knowledge of project management concepts and techniques.
  • Must have familiarity with financial statement preparation, budgeting and financial analysis concepts and techniques.
  • Intermediate knowledge of laws, regulations, and standards relevant to the healthcare industry.

Preferred Experience:

  • Three to five years of Security Project execution experience preferred, for example security production deployment and adoption.
  • Data Privacy, Compliance or Legal experience in Healthcare or a Healthcare-related field.

Preferred License / Registration / Certification:

  • Certified Information Systems Security Professional® (CISSP)
  • Certified Information Systems Auditor® (CISA)
  • GSEC GIAC