Talent.com
Consulting Security Risk Controls Engineer PCI

HCA Healthcare • Nashville, TN, US

Job location: Nashville, TN (if applicable) – details provided by employer.

Overview

We are seeking a Consulting Security Risk Controls Engineer for our team to ensure that we continue to provide all patients with high quality, efficient care.

Responsibilities

  • Assess / Review Service Providers for PCI-DSS Compliance.
  • Collect the top IT security risks (regulatory, security of critical enterprise applications and infrastructure, vendors, etc.), analyze, monitor, and derive strategic decisions that balance risk with operational and economic costs of protective measures.
  • Conduct interviews with company senior management and business owners to confirm anticipated business effects resulting from identified enterprise security risks.
  • Maintain an inventory of key vendors, applications, processes, and infrastructure items and their impact on top IT security risks; map items to appropriate security risks.
  • Lead activities to identify key controls (policy, procedure, practice, or organizational structure) to provide reasonable assurance that security objectives are achieved and undesired events are prevented or detected and corrected.
  • Lead activities to review, develop, and implement security controls plans, vendor security agreements, and security exceptions to control standards.
  • Lead activities to conduct technical security reviews and assessments of vendors, applications, processes, and IT infrastructure.
  • Lead activities to analyze data from security reviews to determine current state of security risk across the company.
  • Lead activities to develop remediation plans and assign remediation responsibilities, actions, and priorities with management.
  • Monitor and track remediation activities to address weaknesses identified through security reviews or audits.
  • Develop strategies to ensure compliance with security standards and regulatory / audit requirements.
  • Provide periodic reporting including assessment findings and recommendations to executive management, facility leadership, and governance committees.
  • Identify security-related regulatory requirements (e.g., PCI-DSS, SOX, HIPAA) and interact with internal and external assessors and auditors to ensure ongoing compliance.

Qualifications

  • Relevant experience: 7+ years
  • Education: Bachelor's Degree Preferred
  • Other Qualifications:
      • PCI QSA Certified
      • PCIP PCI Professional Training
      • CISSP Certified Information Systems Security Professional
      • GSEC GIAC Security Essentials Certified
      • CISA Certified Information Systems Auditor
      • HCISPP Healthcare Information Security and Privacy Practitioner
  • Preferred areas of experience:
      • Security Technologies / Methodologies
      • IT Audit / Risk Management
      • Information Security Metrics and Reporting
      • Systems Control Review Process
      • Application / Infrastructure Control Review Process
  • 5+ years of relevant work experience and COBIT methodologies
  • Working knowledge of COSO and COBIT methodologies
  • Experience with ISO27001, HIPAA, Sarbanes-Oxley, PCI-DSS
  • Experience with IT risk, regulatory, or compliance responsibilities
  • Excellent analytical and interpersonal skills
  • Excellent oral and written communication skills

Physical Demands / Working Conditions

  • Occasional travel may be required

Employment Details

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology and Health Care Provider
  • Industries: Hospitals and Health Care

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

If you find this opportunity compelling, we encourage you to apply for our Consulting Security Risk Controls Engineer opening. We promptly review all applications. Highly qualified candidates will be directly contacted by a member of our team. We are interviewing - apply today!