Vendor Security Controls Engineer II in Nashville, Tennessee, United States
HCA Healthcare

Vendor Security Controls Engineer II

Nashville, TN, United States
Full-time • Days 7-10 Hrs/Wkdays Only
Information Technology   Job ID: 12861




Do you have the career opportunities as a Security Controls Engineer II you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation's leading provider of healthcare services, HCA Healthcare.


We are committed to providing our employees with the support they need. At HCA Healthcare, we offer eligible colleagues an attractive benefit package that includes medical, wellbeing, dental and vision benefits along with some unique benefits including:

  • Medical, Dental, Vision, Life Insurance and Flexible Spending
  • Paid Time Off (PTO) and Personal Leave
  • 401K (100% annual match - 3% to 9% of pay based on years of service)
  • Academic Assistance and Reimbursements for Tuition and Student Loans
  • Employee Discounts including Tickets, Retail, Mental Health Apps, Education Apps, Identity Theft Protection etc.
  • Home, Auto, and Pet Insurance
  • Employee Stock Purchase Program (ESPP)
  • Short-Term and Long-Term Disability coverage
  • Adoption Assistance
  • Legal Benefits and lots more!


Our teams are a committed, caring group of colleagues. Do you want to work as a Security Controls Engineer II where your passion for creating positive patient interactions is valued? If you are dedicated to caring for the well-being of others, this could be your next opportunity. We want your knowledge and expertise!

Job Summary and Qualifications

HCA Healthcare ITG

Job Summary:

The Security Controls Engineer is a technology and process focused security professional with an emphasis in information security controls, risk assessment, regulatory compliance, and security consultation. Applies information security concepts, knowledge, and skills to support a comprehensive information protection program. The Security Controls Engineer evaluates and monitors the current state of security controls across the organization related to people, process, and technology as well as with 3rd party vendors external to the organization.

General Responsibilities:

Performs the collection of the top and most pressing IT security risks (regulatory, security of critical enterprise applications and infrastructure, vendors, etc.), analyzes and monitors them, and derives strategic decisions that balance risk with the operational and economic costs of protective measures.

Performs interviews with company senior management and business owners to confirm anticipated business effects resulting from the actual occurrence of any of the identified enterprise security risks.

Leverages inventory of key vendors, applications, processes, and infrastructure items and their impact to the top and most pressing IT security risks. Additionally, maps applications, processes, and infrastructure items to appropriate security risks.

Performs activities to identify key controls (policy, procedure, practice, or organizational structure) that, if implemented, would provide reasonable assurance that security objectives will be achieved and undesired events will be prevented or detected and corrected.

Performs activities to review, develop, and implement security controls plans, vendor security agreements, and security exceptions to control standards.

Performs activities to conduct technical security reviews and assessments of vendors, applications, processes, and IT infrastructure.

Performs activities related to the analysis of data collected during security reviews and assessment of vendors, applications, processes, and IT infrastructure in order to determine current state of security risk across the company.

Performs activities to develop remediation plans to address issues discovered as a result of security reviews and/or assessments of vendors, applications, processes, and IT infrastructure. Works with management to assign remediation responsibilities, actions, and priorities.

Performs activities to monitor and track remediation activities to address weaknesses and issues discovered through security reviews or audits of vendors, applications, processes, and IT infrastructure.

Performs activities to develop strategies to ensure compliance with security standards as well as regulatory and audit issues.

Performs activities to provide periodic reporting including assessment findings and recommendations for improvement to applicable constituencies (e.g., executive management, facility leadership, and governance committee).

Identifies security-related regulatory requirements (i.e., PCI-DSS, SOX, HIPAA), and interacts with internal and external assessors and auditors to ensure ongoing compliance.

Education, Experience and Certifications:

  • Bachelor’s Degree – Preferred
  • 3+ years of experience – Required

Other Preferred Qualifications:

  • Certifications (preferred, not required):
    • CISSP - Certified Information Systems Security Professional
    • GSEC - GIAC Security Essentials Certified
    • CISA - Certified Information Systems Auditor
    • PCIP - PCI Professional Training
    • HCISPP - Healthcare Information Security and Privacy Practitioner
  • Preferred areas of experience:
    • Security Technologies / Methodologies
    • IT Audit/Risk Management
    • Information Security Metrics and Reporting
    • Systems Control Review Process
    • Application/Infrastructure Control Review Process
  • Working knowledge of the COSO and COBIT methodologies
  • Experience with ISO27001, HIPAA, Sarbanes-Oxley, PCI-DSS
  • Experience with IT risk, regulatory, or compliance responsibilities
  • Possession of excellent analytical and interpersonal skills
  • Possession of excellent oral and written communication skills

HCA Healthcare’s Information Technology Group (ITG) delivers healthcare IT products and services to HCA Healthcare's portfolio of business and partners, including Parallon, HealthTrust and Sarah Cannon.

For decades, ITG has been a pioneer in the industry, leading the transformation of healthcare into a new era of quality and connectivity. ITG relies on the breadth of the organization and depth of technical expertise to advance and enhance today’s healthcare and to enable our physicians and clinicians to provide world-class, innovative care for patients.

ITG employees rally around the noble cause of transforming healthcare through technology and find inspiration in the meaningful work they do—creating a culture that follows our mission statement which begins by saying “above all else we are committed to the care and improvement of human life.”

If you want a career in technology and have a heart for healthcare, apply your expertise to a mission that matters.

ITG transforms healthcare and gives people healthier tomorrows. We deliver information technology strategy, support, and solutions. ITG improves and enhances patient care and business operations. We deliver services at administrative locations, data centers, and hospitals. The facilities we support are located in 20+ states and the United Kingdom. Our team works to move healthcare forward. We do this by seeking, embracing, developing, and delivering technology for patient care.

HCA Healthcare has been named one of the World's Most Ethical Companies by Ethisphere Institute for over a decade. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"Bricks and mortar do not make a hospital. People do." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder

If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Security Controls Engineer II opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.



About HCA Healthcare

What matters most to our diverse and talented colleagues is giving people the absolute best healthcare in the most compassionate way possible.


For questions about your job application or this site, please contact:
HCAhrAnswers at 1-844-422-5627 option 1.
