Senior Security Analyst
Listed on 2026-03-10
Security
Cybersecurity
Do you have the career opportunities as a Senior Security Analyst you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation's leading provider of healthcare services, HCA Healthcare.
Job Summary
IPS Field Security Analysts are responsible for performing a wide range of tasks that support the ongoing maturation of the IPS program, including: driving consistency and visibility of IPS risk management activities; working with business owners to protect patients and prevent data loss; and providing guidance and consultation to colleagues at every level to reduce or eliminate risky behaviors. They are responsible for helping workforce members appropriately comply with the company’s IPS requirements.
This role requires extensive focus on building and expanding relationships with key stakeholders who support IPS objectives and activities. IPS Field Security Analysts are tasked with the most complex work efforts, requiring them to leverage their IT, security, risk management and business experience to address IPS program deficiencies while meeting patient care and business needs.
The Security Analyst must have a combination of skills including written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.
Major Responsibilities
Risk Management
- Coordinate and perform risk assessments using corporate-provided tools and templates.
- Work with local leaders to assess, submit and approve exceptions to IPS standards while working with them to implement controls to mitigate risk and remediate as able.
- Drive and manage execution of corrective and risk treatment plans in concert with Cyber Issues Management to address deficiencies identified during risk assessments.
- Assist the DISA in ensuring that designated committees (e.g., Security Committee, Ethics & Compliance Committee) receive, document, track, investigate, and sponsor remediation of security control deficiencies, suspected IPS incidents, and complaints. At the direction of the DISA, provide education and guidance to ensure these committees make informed, risk-based decisions necessary to balance business needs and security objectives.
- Work with Corporate IPS / Centralized Architect Team to identify appropriate security controls as part of the field intake process, and work with the IPS Field Security Engineer to provide assurance that the required security controls are implemented and working as designed.
- Perform Security Risk Analysis (SRA) to validate that required security controls are in place in order to drive ongoing compliance with IPS policies, standards, and operational procedures.
- Lead audit response activities to address IPS issues identified by Internal Audit, or external auditors (e.g., CMS HIPAA Security audits).
- Support, coordinate, and manage non-technical cyber security event/incident response investigation activities (i.e., Lost/Stolen Devices, Privacy RI, E&C).
- Investigate information leaving the organization with appropriate leadership (i.e., Manager, ECO, HR, Legal) in support of Data Loss Prevention (DLP).
- Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IPS issues are applied appropriately and consistently.
- Perform follow-up education and consultation with workforce members exhibiting risky behaviors and/or behaviors that violate Company IPS policies and standards.
- Provide ad hoc IPS guidance and consultation to all types and levels of workforce members and colleagues that balances business and security requirements.
- Educate ITG Colleagues on security policies and standards to help ensure compliance.
- Facilitate, and lead where appropriate, proactive IPS communication and awareness activities including coordinating with HR and training departments to ensure that periodic workforce training includes company required IPS content.
- Coordinate development, documentation and testing of Disaster Recovery (DR) plans.
- Assist the Division DISA in supporting and driving enterprise and division IPS projects and security efforts to a successful end and ensure that required processes are adopted and maintained.
- Lead and coordinate implementation and adoption of technology and process changes.
- Collaborate with system business owners to ensure vendor contracts are in place for department and IT systems and services.
- Work with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure specific systems, services, and devices receive proper security assessments and remediation.
- Work with business, purchasing, and IT stakeholders to ensure proper controls are in place for existing vendor-maintained solutions.
- Work with system business owners and vendors to document system vulnerabilities and document mitigation controls or remediation actions.
- Ensure vendor systems use…