Zone Facility Information Security Official in Nashville, Tennessee, United States

Zone Facility Information Security Official

Nashville, TN, United States
Full-time • Work From Home
Information Technology   Job ID: 1909

Description

Are you looking for a work environment where diversity and inclusion thrive? Submit your application for our Zone Facility Information Security Official opening with Work from Home today and find out what it truly means to be a part of the HCA Healthcare team.

At Work from Home, we want to ensure your needs are met. We offer eligible colleagues an attractive benefit package that includes medical, wellbeing, dental and vision benefits along with some unique benefits including:

• Student Loan Repayment
• Tuition Reimbursement/Assistance Programs
• Paid Time Off and Paid Family Leave
• 401k (100% annual match – 3%-9% of pay based on years of service)
• Adoption Assistance
• Employee Stock Purchase Program (ESPP)
• Flexible spending accounts
• Short and long-term disability coverage
• Legal benefits and pet insurance
• Discounted Auto, Home, and Life Insurance and Identity Theft Protection


We are seeking a Zone Facility Information Security Official for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!

HCA Healthcare ITG

Job Summary:

The Zone Facility Information Security Official is a shared role across a market, responsible for leading, driving, and, in some cases, implementing Information Protection & Security (IPS) activities in company facilities under the supervision of the division’s Information Protection & Security Director or a Senior ZFISO. He or she serves as a liaison between division/facility leadership and IPS leadership.

Under general supervision from the DISA, they are responsible for performing a wide range of tasks that support the ongoing maturation of the facility’s IPS program, including: driving consistency and visibility of IPS risk management activities; working with business owners to protect patients and prevent data loss; and rounding with division and facility leadership to reduce or eliminate risky behaviors. They are responsible for helping facility workforce members appropriately comply with the company’s IPS requirements.

This role requires extensive focus on building and expanding relationships with key stakeholders such as facility and division leadership; workforce members; physicians; division and facility IT teams; business owners; vendors; and other people and entities who support IPS objectives and activities within the facility.

The ZFISO must have a combination of skills including written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.

General Responsibilities:

Risk Management:

  • Coordinate and perform risk assessments within facilities using corporate-provided tools and templates.

  • Drive and manage execution of corrective action plans to address deficiencies identified during risk assessments.

  • Ensure the designated facility committee (e.g., Facility Security Committee, Facility Ethics & Compliance Committee) receives, documents, tracks, investigates, and sponsors remediation of security control deficiencies, suspected IPS incidents, and complaints. Provide education and guidance to ensure these committees make informed, risk-based decisions necessary to balance business needs and security objectives.

  • Represent IPS needs in facility strategic planning, budgeting, and work prioritization processes.

  • Drive ongoing compliance with IPS policies, standards, and operational procedures.

  • Work with division and/or facility leaders to submit and approve exceptions to IPS standards.

  • Lead audit response activities to address IPS issues identified by Internal Audit or external auditors (e.g., CMS HIPAA Security audits).

Issues Tracking and Resolution:

  • Support, coordinate, and manage incident response and investigation activities involving the facility.

  • Investigate information leaving the organization with appropriate leadership (i.e., Manager, ECO, HR, Legal).

  • Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IPS issues are applied appropriately and consistently.

  • Perform follow-up education and consultation with workforce members with risky behaviors and/or behaviors that violate Company policies and standards.

Execution:

  • Round the facility to build and strengthen relationships with workforce members at all levels and to educate staff on how to reduce or eliminate risky behaviors.

  • Facilitate, and lead where appropriate, proactive IPS communication and awareness activities in the facility including coordinating with facility HR and training departments to ensure that periodic workforce training includes company-required IPS content.

  • Assist with and manage the review and approval of user requests for high-risk access.

  • Assist the Division DISA in driving key elements in the enterprise and division IS programs at the facility level to ensure that required processes are adopted and maintained.

  • Lead and coordinate implementation and adoption of technology and process changes in assigned facilities.

Vendor Systems Security:

  • Collaborate with facility system business owners to ensure vendor contracts are in place for department and facility IT systems and services.

  • Work with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure division and facility-specific systems, services, and devices receive proper security assessments and remediation.

  • Work with business, purchasing, and IT stakeholders to ensure proper controls are in place for existing vendor-maintained solutions.

  • Work with system business owners and vendors to document system vulnerabilities and document mitigation controls or remediation actions.

  • Ensure vendor systems use approved connectivity, remote management and monitoring.

Education, Experience and Certifications:

  • Bachelor’s Degree – Required
  • 3+ years relevant work experience – Required
  • 3+ years of experience in security technologies, project management, and/or Healthcare – Preferred
  • CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy – Preferred

Other Qualifications:

  • Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices.

  • Exposure to management and/or operations in a number of healthcare business or IT functional areas.

  • Experience in some combination of audit, risk management, information security, privacy, and information technology.

  • Knowledge of information security regulations (HIPAA Privacy/Security, Sarbanes-Oxley IT controls, Payment Card Industry (PCI)).

  • Possesses the ability to build and maintain positive team relationships at all facility, market, and corporate levels.

  • Possesses a sense of responsibility and accountability – someone who takes ownership and initiative.

  • Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.

  • Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions.

  • Maintains professional demeanor, appearance, and positive attitude.

  • Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.

HCA Healthcare’s Information Technology Group (ITG) delivers healthcare IT products and services to HCA Healthcare's portfolio of business and partners, including Parallon, HealthTrust and Sarah Cannon.

For decades, ITG has been a pioneer in the industry, leading the transformation of healthcare into a new era of quality and connectivity. ITG relies on the breadth of the organization and depth of technical expertise to advance and enhance today’s healthcare and to enable our physicians and clinicians to provide world-class, innovative care for patients.

ITG employees rally around the noble cause of transforming healthcare through technology and find inspiration in the meaningful work they do—creating a culture that follows our mission statement which begins by saying “above all else we are committed to the care and improvement of human life.”

If you want a career in technology and have a heart for healthcare, apply your expertise to a mission that matters.



HCA Healthcare (Corporate), based in Nashville, Tennessee, supports a variety of corporate roles from business operations to administrative positions. Like our colleagues in any HCA Healthcare hospital, our corporate campus employees enjoy unparalleled resources and opportunities to reach their potential as healthcare leaders and innovators. From market rate compensation to continuing education and career advancement opportunities, every person has a solid foundation for success. Nashville is also home to our Executive Development Program, where exceptional employees are groomed to take on CNO- and COO-level roles in our hospitals. This selective program focuses on ethics, leadership and the financial and clinical knowledge required of professionals at this level of the industry.

HCA Healthcare has been named one of the World's Most Ethical Companies by Ethisphere Institute for over a decade. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

If you find this opportunity compelling, we encourage you to apply for our Zone Facility Information Security Official opening. We promptly review all applications. Highly qualified candidates will be directly contacted by a member of our team. We are interviewing. Apply today!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

About HCA Healthcare

What matters most to our diverse and talented colleagues is giving people the absolute best healthcare in the most compassionate way possible.


For questions about your job application or this site, please contact:
HCAhrAnswers at 1-844-422-5627 option 1.
