Job Details

ID #45129205
State Ohio
City Remote
Job type Permanent
Salary USD TBD TBD
Source Bon Secours Health System, Inc.
Showed 2022-08-24
Date 2022-08-23
Deadline 2022-10-22
Category Et cetera

Information Security Assurance Assessor

Ohio, Remote 00000 Remote USA

Vacancy expired!

Thank you for considering a career at Bon Secours Mercy Health!

Summary of Primary Function

The Cybersecurity Assurance Assessor proactively evaluates the system and network enterprise environments of the health system and uses technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures, and education to implement effective cybersecurity programs and strategies. The Assurance Assessor determines security controls, configurations, procedures, and policies based on industry standards, best practices, federal and state regulations, and contractual requirements. The Assurance Assessor establishes and manages program control processes and compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provides expertise in compliance requirements for internal and external reviews of requirements. The Assurance Assessor conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls.

Essential Job Functions
  • Communicates and ensures programs are in compliance with applicable laws, regulations, policies, and standards
  • Serve as subject matter expert to internal business and technology teams on a range of compliance standards as influenced by regulatory mandates (HIPAA, FTC) and industry best practices (e.g. NIST CSF, HITRUST, ITIL, PCI, SOC2 Type2, etc.)
  • Actively participate and manage various assessments such as HITRUST, PCI Compliance, HIPAA Risk Assessment, SOC2 Type2, etc.
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
  • Document best practices for security and information assurance based on business and user requirements
  • Perform security reviews, identify gaps in security architecture and develop a security risk management plan.
  • Perform risk analysis (i.e. threat, vulnerability and probability of occurrence) whenever an application or system undergoes a certification process.
  • Provide input into the Risk Management Framework process activities and related documentation
  • Participate in Risk Governance process to provide security risks, mitigations and input on other technical risks.
  • Develop methods to monitor and measure risk, compliance, and assurance efforts
  • Perform internal control testing.
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Contribute to other Information Risk and Assurance programs and functions as needed.
  • Accountable for the reporting of key metrics as defined by the program in a timely manner.
  • All other duties as assigned.

Employment Qualifications

Bachelor's Degree (required)

Licensing/Certification

HITRUST CCSFP and/or PCI-P (required)

PCI-ISA, CISSP, CRISC, CISM or GSLC. SANS GIAC certifications (preferred)

Minimum Qualifications
  • 5+ years' relevant work experience in information security and/or services in a multi-facility organization.
  • 2+ years' experience as a Security Control Assessor
  • 2+ years' experience managing external assessments such as HITRUST, PCI Compliance, HIPAA Risk Assessment, SOC2 Type2.
  • 1+ years' experience with project management
  • 1+ years' working remotely

Additional Skills
  • Exceptional organizational skills with ability to manage multiple priorities in a rapidly changing environment and maintain composure under pressure.
  • Ability to work independently or as part of a team.
  • Advanced knowledge of IT systems and processes and experience evaluating internal and external technical control systems.
  • Skilled at preparing and delivering briefings, presentations, and project plans.
  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • Advanced knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data.
  • Excellent knowledge of current data security best practices, including relevant information security legal requirements (HIPAA, OIG, Sarbanes-Oxley, GLBA).

Combination of post-secondary education and experience in lieu of a degree.

#BSMHIT

Bon Secours Mercy Health is an equal opportunity employer.

Many of our opportunities reward your hard work with:
  • Comprehensive, affordable medical, dental and vision plans
  • Prescription drug coverage
  • Flexible spending accounts
  • Life insurance w/AD&D
  • Employer contributions to retirement savings plan when eligible
  • Paid time off
  • Educational Assistance
  • And much more
Benefits offerings vary according to employment status

Scheduled Weekly Hours: 40

Work Shift: Days

Department: SS I&T - Info Security

All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health - Youngstown, Ohio or Bon Secours - Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email recruitment@mercy.com. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at recruitment@mercy.com.
