Director Information Security Assurance in Salt Lake City, Utah, United States
Join our Talent Network
Skip to main content
HCA Healthcare

Director Information Security Assurance

Salt Lake City, UT, United States
Full-time • No Weekends
Directors and Managers   Job ID: 927669
Save Job Unsave Job



This position is incentive eligible.


Do you want to join an organization that invests in you as a Director Information Security Assurance? At HCA Healthcare, you come first. HCA Healthcare has committed up to $300 million in programs to support our incredible team members over the course of three years.


HCA Healthcare, offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

  • Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
  • Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
  • Free counseling services and resources for emotional, physical and financial wellbeing
  • 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
  • Employee Stock Purchase Plan with 10% off HCA Healthcare stock
  • Family support through fertility and family building benefits with Progyny and adoption assistance.
  • Referral services for child, elder and pet care, home and auto repair, event planning and more
  • Consumer discounts through Abenity and Consumer Discounts
  • Retirement readiness, rollover assistance services and preferred banking partnerships
  • Education assistance (tuition, student loan, certification support, dependent scholarships)
  • Colleague recognition program
  • Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
  • Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Learn more about Employee Benefits

Note: Eligibility for benefits may vary by location.

You contribute to our success. Every role has an impact on our patients’ lives and you have the opportunity to make a difference. We are looking for a dedicated Director Information Security Assurance like you to be a part of our team.

Job Summary and Qualifications

The Director of Information Security Assurance (DISA) based in Salt Lake City, Utah area leads the Information Protection & Security (IPS) program for their assigned area of responsibility, including: driving consistency and visibility of risk management activities; working with key stakeholders to protect patients and prevent data loss; and partnering with leadership to reduce or eliminate risky workforce behaviors.

This role is responsible for helping business and IT leadership, as well as the colleagues, comply with IPS requirements while meeting patient care and business needs. This position oversees the assessment of controls and works with appropriate leadership to ensure any deficiencies are addressed. They manage operational processes that monitor and respond to potential security events. They are also responsible for the planning, communication, and/or oversight of IPS initiatives, to ensure consistent program implementation and efficient resource use. This role requires extensive focus on building and expanding relationships with key stakeholders such as business and IT leadership; workforce members; physicians; local IT teams; business owners; vendors; and other people and entities who support IPS objectives and activities. DISAs may have management responsibility for one or more staff members, who are each responsible for an assigned aspect of IPS program as defined by the DISA.

The DISA must have a combination of skills including strong written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.

Risk Management

• Implement and manage risk management activities to facilitate effective, efficient, and standardized approach to align with the IPS program

• Identify, establish, and maintain strategic relationships with key stakeholders to help accomplish IPS objectives.

• Lead their IPS risk management program, using corporate-provided tools and templates, to assure the presence and effectiveness of administrative, technical, and physical controls.

• Partner with appropriate leadership -- including Facility Privacy Officials (FPO), Ethics & Compliance Officers (ECO), IT Directors, and physical security leaders -- to respond timely to time-sensitive information requests, by providing evidence of security controls.

• Guide risk-based decisions by appropriate decision-makers that focus on preventing or correcting identified security risks through implementation of reasonable controls.

• Provide leadership and oversight for acquisition or divestiture due diligence efforts

• Represent IPS needs in local strategic planning, budgeting, and work prioritization.

• Collaborate with other IPS leaders to ensure consistency of IPS program and solutions.

Issues Tracking and Resolution

• Manage operational processes that monitor and respond to potential security threats.

• Partner with corporate departments and/or external entities (e.g., law enforcement) as required to facilitate rapid response to security events.

• Partner with HR Director, FPO, Legal, and ECO on cross-disciplinary incident investigation and reporting.

• Partner with IT colleagues to assure ongoing maturity of IT operational security controls.

• Lead follow-up education and consultation activities for workforce members with risky behaviors and/or behaviors that violate IPS policies and standards.


• Round on leadership and colleagues to build relationships necessary to influence decisions that protect the company and educate workforce on how to reduce or eliminate risky behaviors.

• Lead and coordinate the implementation and adoption of process and technology changes necessary to support IPS program goals and strategic objectives.

• Oversee processes for review and approval of security exception requests.

Vendor Systems Security

• Ensure proper vendor contracts and security terms are in place for systems, devices, and services.

• Partner with appropriate business and IT leadership to help ensure systems, services, and devices receive appropriate assessments and remediation as part of local on-boarding processes.

• Partner with business and IT leadership to ensure proper controls are in place for existing vendor-maintained solutions.


• Coordinate with local HR and training departments to ensure that periodic workforce training includes company-required IPS content.

• Facilitate, and lead where appropriate, proactive IPS communication and awareness activities.

Staff Development

• Recruit and manage IPS staff.

• Ensure appropriate training and development programs are utilized to attract, retain, and develop personnel required to support the IPS program.

• Participate in succession planning activities.

Education & Experience:

• Bachelor's degree required

• Master's degree preferred

• 7+ years of experience in a relevant field required

• 7+ years of experience in security risk management, information security domains, and/or hospital operations preferred

• 3+ years of experience in management required

Licenses, Certifications, & Training:

CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy

Knowledge, Skills, Abilities, Behaviors:

• Significant experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices required

• Experience in management and/or operations in a number of healthcare business or IT functional areas required

• Experience in some combination of audit, risk management, information security, privacy, and information technology required

• Significant experience with relevant regulations (e.g., HIPAA, SOX, PCI, GLBA, FERPA) and applying these to identify appropriate controls necessary to maintain compliance required

• Strong leadership skills, personal drive, and the ability to see projects through to execution in a matrixed environment required

• Demonstrated experience in building and maintaining positive team relationships at all levels of the organization required

• Experience in staff recruiting, development, and management required

• Ability to communicate effectively, in written and verbal forms, at an executive level required

• Possesses confident leadership skills: decisiveness, assertiveness, with the ability to achieve results quickly required

• Demonstrates a high degree of initiative, dependability, and the ability to work with minimal supervision required

• Possesses a sense of responsibility and accountability – someone who takes ownership and initiative required

• Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity required

• Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions required

• Maintains professional demeanor, appearance, and positive attitude required

• Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities required

This role requires you to be fully vaccinated for COVID-19 based on local, state and /or federal law or regulations (unless a medical or religious exemption is approved).

HCA Healthcare (Corporate), based in Nashville, Tennessee, supports a variety of corporate roles from business operations to administrative positions. Like our colleagues in any HCA Healthcare hospital, our corporate campus employees enjoy unparalleled resources and opportunities to reach their potential as healthcare leaders and innovators. From market rate compensation to continuing education and career advancement opportunities, every person has a solid foundation for success. Nashville is also home to our Executive Development Program, where exceptional employees are groomed to take on CNO- and COO-level roles in our hospitals. This selective program focuses on ethics, leadership and the financial and clinical knowledge required of professionals at this level of the industry.

HCA Healthcare has been recognized as one of the World’s Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"Good people beget good people."- Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder

We are a family 270,000 dedicated professionals! Our Talent Acquisition team is reviewing applications for our Director Information Security Assurance opening. Qualified candidates will be contacted for interviews. Submit your resume today to join our community of caring!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


Save Job Unsave Job


Directors and Managers
Full-time • No Weekends

About HCA Healthcare

What matters most to our diverse and talented colleagues is giving people the absolute best healthcare in the most compassionate way possible.

Learn more about HCA Healthcare chevron_right

Similar Jobs

For questions about your job application or this site, please contact;
HCAhrAnswers at 1-844-422-5627 option 1.

Get job notifications based
on your interests

Join our Talent Network