Job Information

HCA Healthcare Director of Info Protection and Security Expanse in Nashville, Tennessee

Description

This position is incentive eligible.

Introduction

Lead the future of healthcare security:

Do you have a passion for safeguarding patient data and a vision to help shape the security of an emerging healthcare solution at a Fortune 100 Company?

As the Expanse Security Director, you will spearhead security initiatives for a large multi-national healthcare organization spanning the US and UK. You’ll drive the security program for a key clinical solution (GCP/Expanse EHR) and leverage your extensive experience in compliance/control frameworks, software security, identity and access, network security, vulnerability management, incident response and cloud posture management.

Fusing technical knowledge with leadership expertise, you’ll collaborate with partners both in IT and the clinical business to effectively communicate complex security concepts while demonstrating the maturity and impact of your security program on risk reduction and capability advancement.

If you’re driven by innovation, passionate about healthcare, and eager to advance your career in a supportive matrix organization with room for growth, this could be your ideal opportunity. Join us and help us empower next-generation care with cutting-edge security solutions while you work alongside awesome teams and supportive leadership at HCA Healthcare.

Benefits

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

  • Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.

  • Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.

  • Free counseling services and resources for emotional, physical and financial wellbeing

  • 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)

  • Employee Stock Purchase Plan with 10% off HCA Healthcare stock

  • Family support through fertility and family building benefits with Progyny and adoption assistance.

  • Referral services for child, elder and pet care, home and auto repair, event planning and more

  • Consumer discounts through Abenity and Consumer Discounts

  • Retirement readiness, rollover assistance services and preferred banking partnerships

  • Education assistance (tuition, student loan, certification support, dependent scholarships)

  • Colleague recognition program

  • Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)

  • Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)

Note: Eligibility for benefits may vary by location.

Would you like to unlock your potential with a leading healthcare provider dedicated to the growth and development of our colleagues? Join the HCA Healthcare family! We will give you the tools and resources you need to succeed in our organization. We are looking for an enthusiastic Director IPS Field Operations - Expanse to help us reach our goals. Unlock your potential!

Job Summary and Qualifications

HCA Healthcare ITG (http://www.youtube.com/watch?v=-pa0b3zlbNc)

Job Summary:

The Director of Information Protection & Security for Expanse leads information security and compliance activities for the Meditech Expanse Program.

They are responsible for helping accomplish strategic and operational business objectives while assuring alignment with the Information Protection & Security (IPS) policies, standards, and procedures, as well as security controls based on nationally recognized frameworks (e.g., NIST CISA, ISO 27001). They must be proactive in identifying and responding to the evolving information security risk landscape.

They are also responsible for working with IT and IPS to identify and remediate any security deficiencies that may exist and tracking remediation of these on a defined roadmap, including periodic reports to leadership on the overall security posture of the Expanse Program. This position is also expected to provide security compliance, risk management and technical oversight for security work done by others to ensure effective results and manage major initiatives.

They are able to operate with little day-to-day supervision after their goals and requirements have been identified or provided. They are highly effective at dealing with conflict and issues and collaborate to resolve these in a way that meets the overall goals of the organization. They are able to accept high-level goals from management without complete facts and drive them to completion. They are expected to know when to communicate back to their management to keep them informed.

They are expected to be an expert in two or more Information Security related subject areas (e.g., identity and access management, web application security, penetration testing, cloud security, network security, secure code development, encryption, mobile application security, systems, and platform security, etc.).

While this position will report to the AVP of Information Protection and Security, the position will be embedded within and 100% dedicated to the Meditech Expanse program. This position will have a dotted-line relationship to the VP, Meditech Expanse. They are required to accomplish many of their work goals through others who do not directly report to them.

Lastly, they are expected to function as Incident Commander when security or compliance issues arise with the Expanse program, functioning as project leader to ensure all appropriate actions are taken in a timely manner.

General Responsibilities:

Risk Management:

  • Facilitate risk-based decisions by engaging in business strategic and tactical discussions to prevent or correct security risks.

  • Partner with Corporate IPS stakeholders to develop and implement tools and templates, to assure the presence and effectiveness of administrative and technical security controls.

  • Define, implement, and manage security risk management activities that align with the IPS program. This may include developing, maintaining, and publishing policies, standards, procedures, and guidelines specific to the Expanse Program.

  • Represent IPS needs in Expanse strategic planning, budgeting, and work prioritization.

  • Partner with Expanse leadership to identify, implement, train, and assure ongoing maturity of IT operational security controls.

  • Monitor and report on security control deficiencies.

  • Ensure that security incidents are appropriately investigated, and action is taken as needed.

  • Monitor technology trends and emerging threats to proactively identify and mitigate any vulnerabilities.

  • Partner with appropriate business and IT leadership to help ensure systems, services, and devices receive appropriate assessments and remediation as part of technology on-boarding processes.

Execution:

  • Develop and maintain a long-term strategy and roadmap that aligns the company’s enterprise IPS program with the Expanse Program priorities.

  • Oversee processes for review and, where appropriate, approval of security exception requests.

  • Be a source of expertise, guidance, and training to the Meditech Expanse team on best practices and requirements of the organization’s security program and educate colleagues on how to reduce or eliminate risky behaviors.

  • Maintain excellent relationships with all stakeholders, managing any conflicts that arise from implementation of security procedures and controls.

Communication:

  • Executive presentation of Expanse security program strategy and objectives, project status, and health to appropriate leadership and other stakeholders.

  • Facilitate, and lead where appropriate, IPS training, communication, and awareness activities.

Staff Development:

  • Responsible for building effective teams by hiring individuals that possess the necessary skills and represent the company's values

  • Ensure appropriate training and development programs are utilized to attract, retain, and develop personnel required to implement and support the IPS program.

  • Responsible for growing, coaching and mentoring future IPS leaders

  • Participate in succession planning activities.

Other:

  • Performs other duties as assigned

  • Practices and adheres to the “Code of Conduct” philosophy and “Mission and Value Statement.”

Education, Experience and Certifications:

  • Bachelor's degree - Required

  • Master's degree - Preferred

  • 7+ years of experience in a relevant field - Required

  • 7+ years of experience in security risk management, information security domains, and/or hospital operations - Preferred

  • 3+ years of experience in management - Required

  • CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy - Preferred

HCA Healthcare’s Information Technology Group (ITG) delivers healthcare IT products and services to HCA Healthcare's portfolio of business and partners, including Parallon, HealthTrust and Sarah Cannon.

For decades, ITG has been a pioneer in the industry, leading the transformation of healthcare into a new era of quality and connectivity. ITG relies on the breadth of the organization and depth of technical expertise to advance and enhance today’s healthcare and to enable our physicians and clinicians to provide world-class, innovative care for patients.

ITG employees rally around the noble cause of transforming healthcare through technology and find inspiration in the meaningful work they do—creating a culture that follows our mission statement which begins by saying “above all else we are committed to the care and improvement of human life.”

If you want a career in technology and have a heart for healthcare, apply your expertise to a mission that matters.

HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"There is so much good to do in the world and so many different ways to do it." - Dr. Thomas Frist, Sr.

HCA Healthcare Co-Founder

Be a part of an organization that invests in you! We are reviewing applications for our Director IPS Field Operations - Expanse opening. Qualified candidates will be contacted for interviews. Submit your application and help us raise the bar in patient care!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
