Job Description
Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 39 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.
Summary
The Cyber Security Risk Management (CSRM) organization enhances safety, dignity, and confidence by fostering a trustworthy digital environment for care delivery and business operations. As a Cyber Security Engineer - Compliance, you are a liaison between Cyber Security Risk Management and CHS facilities for the completion of Security Risk Analysis (SRA) activities. You will coordinate annual Security risk analyses, develop guidance materials, and assist with the education of all personnel involved in the SRA process. You can be trusted to work independently with limited supervision as well as work effectively in a small team environment. In this role, you will collaborate closely with internal and external auditors, cybersecurity, IT, and business stakeholders to ensure evidence provided is complete and accurate and meets compliance requirements.
Essential Duties And Responsibilities
- Perform risk analysis (HIPAA, Promoting Interoperability) of security controls for the purpose of trend analysis and compliance reporting to enterprise customers
- Document gaps in security risk analysis processes and communicate process improvement opportunities to leadership
- Perform assessments of appropriate administrative, physical, and technical safeguards with limited supervision to protect the confidentiality, integrity, and availability of confidential or regulated data (SOX, PCI, PHI)
- Perform security risk analysis of new and existing applications, devices and services for the purpose of documenting risks introduced by a new or existing project, program, product or solution.
- Communicate and collaborate with Technology, Business, and Audit partners to respond to and address compliance risk
- Follow up with facilities and track required remediation controls where necessary
- Document security issues identified through security risk analysis, measured against internal policies and standards or regulatory requirements
Qualifications
- Required Education: High School Diploma
- Preferred Education: Associate’s or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), equivalent certifications, or equivalent work experience.
- Required Experience:
  - Duration:
    - 3 years of experience with security risk analysis in a medium to large enterprise, preferably in a multi-hospital and/or medical center setting
  - Competencies:
    - Experience in regulatory standards (HIPAA, HITECH, PCI, SOX, COBIT)
    - Working knowledge of cybersecurity principles and practices
    - Excellent verbal and written communication skills with the ability to interact effectively with all levels of management
    - Works independently as well as collaboratively with minimal supervision
    - Self-starter and flexible team player
    - Ability to work in an evolving environment with changing processes and procedures
- Preferred Experience:
  - Duration:
  - Competencies:
    - Knowledge of industry standard audit methodologies
    - Familiarity with NIST Cybersecurity Framework (CSF)
    - Core understanding of risk management principles, especially NIST Risk Management Framework (RMF)
  - Technologies:
    - Governance, Risk, and Compliance (GRC) platforms
    - ServiceNow
- Required License/Registration/Certification: None
- Computer Skills Required:
  - Experience working in a Windows environment
  - Familiarity with Microsoft / Google office suites
  - Strong spreadsheet skills
Physical Demands
The physical demands of performing this job, with or without a reasonable accommodation, are outlined below:
- The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
- The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
- The Employee is not substantially exposed to adverse environmental conditions; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.