Business Information Security (BISO) Advisor
- Community Health Systems (Franklin, TN)
Job Summary
The Business Information Security Office (BISO) Specialist acts as a trusted security advisor and the primary interface between Cyber Security Risk Management (CSRM) and CHS's business and clinical operations. This role is key to embedding cybersecurity into the culture and enabling business partners to reach their goals securely. You will translate complex security requirements into actionable guidance, advocate for the business value of security, and activate strategic alignment between business and CSRM initiatives to protect the organization while empowering innovation.
This Security Specialist serves as an expert in specific aspects of information risk management. Undertakes complex projects requiring additional specialized technical and/or business knowledge. Makes well-thought-out decisions on complex risk management issues. Provides mitigation strategies, oversight, and direction for enterprise-wide technology risk. Ensures high-level integration of applications and business processes with information risk management policies and strategies.
Identifies, evaluates, conducts, schedules and leads solution risk analyses to ensure all applicable Cyber Security Risk Management requirements are met. Provides analysis of requirements necessary to ensure the confidentiality, availability and integrity of information where it is processed, stored, or transmitted by the business and IT systems while considering performance and cost factors calculated into solutions/recommendations.
This person must be able to clearly articulate and discuss identified cyber business risks and various options for mitigation, and communicate the risks and solutions to project teams, business partners and IT staff.
Essential Functions
+ Serves as a technical expert in one or more aspects of information risk for a business segment or function to ensure the confidentiality, integrity, and availability of sensitive information.
+ Consults on complex information risk management projects. Serves as an expert in the planning, engineering, development, implementation and administration of technology solutions through the use of controls, procedures, measurements and strategies to prevent unauthorized access, modification, disclosure, misuse, manipulation, or destruction of systems, networks, applications and data.
+ Provides technical consulting efforts towards the development and implementation of information risk strategies in alignment with their respective business unit and IT initiatives. Assists in the development and implementation of information risk policies, procedures, processes and programs to ensure availability, confidentiality, and integrity.
+ Consults on one or more highly specialized phases of information risk management, which may include hardware/software testing and evaluation, information risk education and awareness, incident response, policy and standards development, risk assessment and mitigation strategies. Responsibilities include developing solutions for use within an enterprise environment as well as application & business specific needs.
+ Assists in the establishment of the overall framework for the protection of Community Health Systems information assets through architecture, policies, standards, risk assessments, monitoring, certification and technology.
+ Provides mitigation solution oversight and direction for enterprise-wide information risk management technology. Assists in long-term strategic planning activities for the development and implementation of IS risk architecture and technology guidelines.
+ Undertakes complex information risk projects that involve multiple disciplines and may impact multiple business units. Responsible for the selection, direction and performance of information risk management projects. Responsible for change management, configuration management, performance analysis, physical planning, national vendor management, inventory control, technical standards, procedures, and product evaluations.
+ Acts as a source of direction, training, and guidance for less experienced staff.
+ Performs other duties as assigned.
Qualifications
+ Bachelor’s or master’s degree in Computer Science, Information Systems, or other related field preferred.
+ 8-10 years of progressive work experience in a combination of risk management, information security, and business/IT consulting roles. Knowledge of:
+ Must have proven knowledge of information risk components, principles, procedures and practices.
+ Demonstrated ability to understand business processes and align security priorities with strategic business objectives.
+ Excellent written and verbal communication skills. Must be able to effectively communicate technical concepts to a non-technical audience.
+ Excellent ability to communicate complex, technical concepts to non-technical audiences and influence outcomes without direct authority.
+ Proven experience building and maintaining strong professional relationships as a trusted advisor.
+ Must have demonstrated knowledge of information controls and audit methodology for business systems and data processing environments.
+ Must have a broad knowledge of information technology and risk trends.
+ Must have familiarity with budgeting and financial analysis concepts and techniques.
+ Intermediate knowledge of laws, regulations, and standards relevant to the healthcare industry.
Preferred:
+ Experience in a role requiring direct partnership with business stakeholders.
+ 3-5 years of project management experience preferred.
+ Data Science/Data Statistics/Data Analytics
Licenses and Certifications (Preferred)
+ Certified Information Systems Security Professional® (CISSP)
+ Certified Information Systems Auditor® (CISA)
+ GSEC GIAC Security Essentials Certified
+ PCIP PCI Professional Training
+ HCISPP Healthcare Information Security and Privacy Practitioner
Equal Employment Opportunity
This organization does not discriminate in any way to deprive any person of employment opportunities or otherwise adversely affect the status of any employee because of race, color, religion, sex, sexual orientation, genetic information, gender identity, national origin, age, disability, citizenship, veteran status, or military or uniformed services, in accordance with all applicable governmental laws and regulations. In addition, the facility complies with all applicable federal, state and local laws governing nondiscrimination in employment. This applies to all terms and conditions of employment including, but not limited to: hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. If you are an applicant with a mental or physical disability who needs a reasonable accommodation for any part of the application or hiring process, contact the director of Human Resources at the facility at which you are seeking employment. Simply go to http://www.chs.net/serving-communities/locations/ to obtain the main telephone number of the facility and ask for Human Resources.