Governance Risk and Compliance Specialist

JOB DESCRIPTION

Note : If you are CURRENTLY employed at Children's and / or have an active badge or network access, STOP here. Submit your application via Workday using the Career App (Find Jobs).

Work Shift

Work Day(s)

Monday-Friday

Shift Start Time

8 : 00 AM

Shift End Time

5 : 00 PM

Worker Sub-Type

Regular

Children’s is one of the nation’s leading children’s hospitals. No matter the role, every member of our team is an essential part of our mission to make kids better today and healthier tomorrow.

We’re committed to putting you first, and that commitment is at the heart of our company culture : People first. Children always.

Find your next career opportunity and make a difference doing what you love at Children’s.

Job Description

Serves as subject matter expert in the area of analyzing risks while having an understanding of multiple security platforms and layers, including vulnerability management, intrusion detection / prevention, incident response, log correlation and management, operating systems, and identity and access management.

Helps manage information security risks to an acceptable level.

Experience

5 years of experience in any combination of network security protocols / methodologies, information security and information technology controls, National Institute of Standards and Technology and International Organization for Standardization frameworks, security penetration and vulnerability assessments, network / systems administration

Preferred Qualifications

• 2 years of experience in any combination of information technology, computer operations, database management system security
• Experience in a healthcare setting

Education

Bachelor's degree in Computer Sciences, Information Technology, related field, or equivalent experience

Certification Summary

Certified in Risk and Information Systems Control (CRISC), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Window Security Administrator (GCWN), GIAC Certified Enterprise Defender (GCED), GIAC Security Essentials Certified (GSEC), Certified Information Systems Security Professional (CISSP), or equivalent experience

Knowledge, Skills and Abilities

• Strong knowledge of accepted information systems and technology security regulations
• Solid knowledge of Health Insurance Portability and Accountability Act, Joint Commission, and other information technology security governing bodies
• Demonstrated knowledge of generally known information technology platforms, standards, and software development language(s)
• Well-developed organizational, written communication, and analytical skills
• Strong interpersonal skills to interact positively and productively with teams across organizational lines, including administrative / executive staff and patient care systems users
• Must be able to function in a dynamic environment subject to impromptu changes in schedules and priorities

Job Responsibilities

• Ensures integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies through performance of formal risk assessments, policy and governance, and internal threat analysis.
• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external web integrity scans to determine compliance.
• Serves as expert on matters related to enterprise network security architecture, design, implementation, and ongoing support for network security devices.
• Provides feedback concerning areas for development and accomplishments.
• Works closely with Security Architect, network infrastructure team, and business units to provide security planning and technical support.
• Develops, updates, and assists in maintaining information security awareness training documentation and materials.
• Facilitates training sessions on or about information security and ensures consistent application of company policy and procedure guidelines.
• Prepares incident reports of analysis methodology and results and assists with implementation of counter-measures or mitigating controls.
• Provides technical expertise for administration of security management tools.
• Develops business cases and conduct presentations to senior information technology leadership of proposed security products and studies.
• Analyzes and documents information for product and process improvements and analyzes product rejections to create and implement effective corrective and preventive actions.
• Works independently or as lead on projects of medium to high complexity.
• Maintains current knowledge of relevant technology as assigned.

Primary Location Address

1575 Northeast Expy NE

Job Family

Information Security