Do you have the career opportunities in information security that you want with your current employer? We have an exciting opportunity for you to break into the field working in the Far West Division, part of the nation's leading provider of healthcare services, HCA Healthcare.
We are committed to providing our employees with the support they need. At HCA Healthcare, we offer eligible colleagues an attractive benefit package that includes medical, wellbeing, dental and vision benefits along with some unique benefits including:
- Medical, Dental, Vision, Life Insurance and Flexible Spending
- Paid Time Off (PTO) and Personal Leave
- 401K (100% annual match - 3% to 9% of pay based on years of service)
- Academic Assistance and Reimbursements for Tuition and Student Loans
- Employee Discounts including Tickets, Retail, Mental Health Apps, Education Apps, Identity Theft Protection etc.
- Home, Auto, and Pet Insurance
- Employee Stock Purchase Program (ESPP)
- Short Term & Long Term Disability coverage
- Adoption Assistance
- Legal Benefits and lots more!
Our teams are a committed, caring group of colleagues. Do you want to work as a Zone Facility Information Security Official where your passion for creating positive patient interactions is valued? If you are dedicated to caring for the well-being of others, this could be your next opportunity. We want your knowledge and expertise!
Job Summary and Qualifications
HCA Healthcare ITG
The Zone Facility Information Security Official is a shared role across a market, responsible for leading, driving, and, in some cases, implementing Information Protection & Security (IPS) activities in company facilities under the supervision of the division's Information Protection & Security Director or a Senior ZFISO. He or she serves as a liaison between division/facility leadership and IPS leadership.
Under general supervision from the DISA, they are responsible for performing a wide range of tasks that support the ongoing maturation of the facility's IPS program, including: driving consistency and visibility of IPS risk management activities; working with business owners to protect patients and prevent data loss; and rounding with division and facility leadership to reduce or eliminate risky behaviors. They are responsible for helping facility workforce members appropriately comply with the company's IPS requirements.
This role requires extensive focus on building and expanding relationships with key stakeholders such as facility and division leadership; workforce members; physicians; division and facility IT teams; business owners; vendors; and other people and entities who support IPS objectives and activities within the facility.
The ZFISO must have a combination of skills including written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.
Please note – This position is WFH (Work From Home) and the candidate will need to live within the market being supported.
Scope of Responsibility
Las Vegas/California Market
- Coordinate and perform risk assessments within facilities using corporate-provided tools and templates.
- Drive and manage execution of corrective action plans to address deficiencies identified during risk assessments.
- Ensure the designated facility committee (e.g., Facility Security Committee, Facility Ethics & Compliance Committee) receives, documents, tracks, investigates, and sponsors remediation of security control deficiencies, suspected IPS incidents, and complaints. Provide education and guidance to ensure these committees make informed, risk-based decisions necessary to balance business needs and security objectives.
- Represent IPS needs in facility strategic planning, budgeting, and work prioritization processes.
- Drive ongoing compliance with IPS policies, standards, and operational procedures.
- Work with division and/or facility leaders to submit and approve exceptions to IPS standards.
- Lead audit response activities to address IPS issues identified by Internal Audit or external auditors (e.g., CMS HIPAA Security audits).
Issues Tracking and Resolution:
- Support, coordinate, and manage incident response and investigation activities involving the facility.
- Investigate information leaving the organization with appropriate leadership (i.e., Manager, ECO, HR, Legal).
- Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IPS issues are applied appropriately and consistently.
- Perform follow-up education and consultation with workforce members with risky behaviors and/or behaviors that violate Company policies and standards.
- Round the facility to build and strengthen relationships with workforce members at all levels and to educate staff on how to reduce or eliminate risky behaviors.
- Facilitate, and lead where appropriate, proactive IPS communication and awareness activities in the facility including coordinating with facility HR and training departments to ensure that periodic workforce training includes company-required IPS content.
- Assist with and manage the review and approval of user requests for high-risk access.
- Assist the Division DISA in driving key elements in the enterprise and division IS programs at the facility level to ensure that required processes are adopted and maintained.
- Lead and coordinate implementation and adoption of technology and process changes in assigned facilities.
Vendor Systems Security:
- Collaborate with facility system business owners to ensure vendor contracts are in place for department and facility IT systems and services.
- Work with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure division and facility-specific systems, services, and devices receive proper security assessments and remediation.
- Work with business, purchasing, and IT stakeholders to ensure proper controls are in place for existing vendor-maintained solutions.
- Work with system business owners and vendors to document system vulnerabilities and document mitigation controls or remediation actions.
- Ensure vendor systems use approved connectivity, remote management and monitoring.
Education, Experience and Certifications:
- Bachelor's Degree – Required
- 3+ years of experience in relevant field – Required
- 3+ years of experience in security technologies, project management and/or Healthcare – Preferred
- CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy – Preferred
- Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices.
- Exposure to management and/or operations in a number of healthcare business or IT functional areas.
- Experience in some combination of audit, risk management, information security, privacy, and information technology.
- Knowledge of information security regulations (HIPAA Privacy/Security, Sarbanes-Oxley IT controls, Payment Card Industry (PCI)).
- Possesses the ability to build and maintain positive team relationships at the facility, market, and corporate levels.
- Possesses a sense of responsibility and accountability – someone who takes ownership and initiative.
- Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.
- Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions.
- Maintains professional demeanor, appearance, and positive attitude.
- Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.
HCA Healthcare's Information Technology Group (ITG) delivers healthcare IT products and services to HCA Healthcare's portfolio of business and partners, including Parallon, HealthTrust and Sarah Cannon.
For decades, ITG has been a pioneer in the industry, leading the transformation of healthcare into a new era of quality and connectivity. ITG relies on the breadth of the organization and depth of technical expertise to advance and enhance today's healthcare and to enable our physicians and clinicians to provide world-class, innovative care for patients.
ITG employees rally around the noble cause of transforming healthcare through technology and find inspiration in the meaningful work they do—creating a culture that follows our mission statement which begins by saying “above all else we are committed to the care and improvement of human life.”
If you want a career in technology and have a heart for healthcare, apply your expertise to a mission that matters.
HCA Healthcare (Corporate), based in Nashville, Tennessee, supports a variety of corporate roles from business operations to administrative positions. Like our colleagues in any HCA Healthcare hospital, our corporate campus employees enjoy unparalleled resources and opportunities to reach their potential as healthcare leaders and innovators. From market rate compensation to continuing education and career advancement opportunities, every person has a solid foundation for success. Nashville is also home to our Executive Development Program, where exceptional employees are groomed to take on CNO- and COO-level roles in our hospitals. This selective program focuses on ethics, leadership and the financial and clinical knowledge required of professionals at this level of the industry.
HCA Healthcare has been named one of the World's Most Ethical Companies by Ethisphere Institute for over a decade. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"Bricks and mortar do not make a hospital. People do." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Zone Facility Information Security Official opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.