Security Controls Engineer II
- HCA Healthcare (Nashville, TN)
Description
Introduction
Do you want to join an organization that invests in you as a Security Controls Engineer II? At HCA Healthcare, you come first. HCA Healthcare has committed up to $300 million in programs to support our incredible team members over the course of three years.
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
+ Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
+ Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
+ Free counseling services and resources for emotional, physical and financial wellbeing
+ 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
+ Employee Stock Purchase Plan with 10% off HCA Healthcare stock
+ Family support through fertility and family building benefits with Progyny and adoption assistance.
+ Referral services for child, elder and pet care, home and auto repair, event planning and more
+ Consumer discounts through Abenity and Consumer Discounts
+ Retirement readiness, rollover assistance services and preferred banking partnerships
+ Education assistance (tuition, student loan, certification support, dependent scholarships)
+ Colleague recognition program
+ Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
+ Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)
_Note: Eligibility for benefits may vary by location._
You contribute to our success. Every role has an impact on our patients’ lives and you have the opportunity to make a difference. We are looking for a dedicated Security Controls Engineer II like you to be a part of our team.
Job Summary and Qualifications
The Cloud Security Controls Engineer is a technology- and process-focused security professional with an emphasis on information security controls, risk assessment, regulatory compliance, and security consultation. Applies information security concepts, knowledge, and skills to support a comprehensive information protection program. The Cloud Security Controls Engineer evaluates and monitors the current state of security controls, especially public cloud and SaaS controls, across the organization related to people, process, and technology as well as with third-party vendors external to the organization.
General Responsibilities
+ Develops and maintains secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
+ Attends regular technical project and implementation meetings, and serves as the security consultant to help guide secure application and infrastructure configurations.
+ Actively monitors, assesses and recommends tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments.
+ Assists in maintaining strong oversight with cloud computing vendors and solution providers to safeguard against undue risk presented by external entities. Escalates to security management and business unit leads when points of weakness are discovered.
+ Performs the collection of the top and most pressing IT security risks (regulatory, security of critical enterprise applications and infrastructure, vendors, etc.), then analyzes, monitors, and derives strategic decisions that balance risk with the operational and economic costs of protective measures.
+ Performs interviews with company senior management and business owners to confirm anticipated business effects resulting from the actual occurrence of any of the identified enterprise security risks.
+ Leverages inventory of key vendors, applications, processes, and infrastructure items and their impact to the top and most pressing IT security risks. Additionally, maps applications, processes, and infrastructure items to appropriate security risks.
+ Performs activities to identify key controls (policy, procedure, practice, or organizational structure) that, if implemented, would provide reasonable assurance that security objectives will be achieved and undesired events will be prevented or detected and corrected.
+ Performs activities to review, develop, and implement security controls plans, vendor security agreements, and security exceptions to control standards.
+ Performs activities to conduct technical security reviews and assessments of vendors, applications, processes, and IT infrastructure.
+ Performs activities related to the analysis of data collected during security reviews and assessment of vendors, applications, processes, and IT infrastructure in order to determine current state of security risk across the company.
+ Performs activities to develop remediation plans to address issues discovered as a result of security reviews and/or assessments of vendors, applications, processes, and IT infrastructure. Works with management to assign remediation responsibilities, actions, and priorities.
+ Performs activities to monitor and track remediation activities to address weaknesses and issues discovered through security reviews or audits of vendors, applications, processes, and IT infrastructure.
+ Performs activities to develop strategies to ensure compliance with security standards as well as regulatory and audit issues.
+ Performs activities to provide periodic reporting including assessment findings and recommendations for improvement to applicable constituencies (e.g., executive management, facility leadership, and governance committee).
+ Identifies security related regulatory requirements (i.e. PCI-DSS, SOX, HIPAA), and interacts with internal and external assessors and auditors to ensure ongoing compliance.
Other Qualifications
Certifications (preferred, not required):
+ CCSP Cloud Security Professional
+ GCSA GIAC Cloud Security Automation
+ AZ-500 Microsoft Certified Azure Security Engineer
+ Google Professional Cloud Security Engineer
+ AWS Certified Security
+ CISSP Certified Information Systems Security Professional
+ GSEC GIAC Security Essentials Certified
+ CISA Certified Information Systems Auditor
+ PCIP PCI Professional Training
+ HCISPP Healthcare Information Security and Privacy Practitioner
Preferred areas of experience:
+ Major Public Cloud Solutions
+ Public Cloud Security Technologies / Methodologies
+ IT Audit/Risk Management
+ Information Security Metrics and Reporting
+ Systems Control Review Process
+ Application/Infrastructure Control Review Process
+ Working knowledge of the COSO and COBIT methodologies
+ Experience with ISO27001, HIPAA, Sarbanes-Oxley, PCI-DSS
+ Experience with IT risk, regulatory, or compliance responsibilities
+ Possession of excellent analytical and interpersonal skills
+ Possession of excellent oral and written communication skills
Education & Experience
+ Bachelor's preferred
+ 3+ years of experience
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"Good people beget good people." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
We are a family of 270,000 dedicated professionals! Our Talent Acquisition team is reviewing applications for our Security Controls Engineer II opening. Qualified candidates will be contacted for interviews. **Submit your resume today to join our community of caring!**
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.