At CereCore, our heart for healthcare is interconnected with our knowledge of technical solutions, creating a vital link that ultimately drives the delivery of high-quality care. CereCore is a wholly-owned subsidiary of Hospital Corporation of America (HCA) Healthcare.
CereCore is seeking an Information Security Remediation Analyst to join the HCA Information Protection & Security (IPS) team in Nashville, TN. This individual will work on-site at one of the nation's leading providers of healthcare services, HCA Healthcare. This individual will work directly on the Crown Jewels project, which is an effort dedicated to reporting on and improving the security posture of several mission critical information assets at HCA Healthcare.
Collect and analyze various types of risk assessment reports and outputs from automated data sources conducted by HCA Healthcare personnel that can be used to report risk on HCA Crown Jewel systems or other key risk areas
Review, understand and aggregate the relevant findings/issues (e.g., IT security vulnerabilities, gaps in security compliance, control deficiencies) from these reports into a dedicated data collection location and structure
Collaborate with the project teams, subject matter experts (SME), and other applicable stakeholders to interpret and validate finding legitimacy and the open/closed status of findings
Collaborate with IPS Data Analyst to visualize the findings in a dedicated dashboard tailored to specific stakeholder audiences (e.g., Product Owner, Business Owner, Control Owners) responsible for each finding
Normalize findings against the IPS Risk Management framework and control catalog, organize them by risk rating and resource lift, and identify the appropriate SME who can help the Product Owner team remediate the finding
Present the findings dashboards to key stakeholders and work to help them understand the risk framework and priorities
Liaise with the Enterprise Vulnerability Remediation team and other solution teams to investigate known remediations for identified issues
Facilitate coordination between enterprise stakeholders to resolve findings or accept risk
Maintain regular contact with Control Owners and Product Owners to determine status of remediation efforts
Track findings or risk acceptance to completion within the structured data set
Identify and document opportunities for process improvement and innovation to improve remediation efforts
Escalate unresolved issues with technology or personnel to team management as needed
Other assigned duties related to the Crown Jewels project or general findings intake work as needed
5+ years of related experience
3+ years of experience with Information Security/Cyber Security/IT Security Controls/IT Controls Audit project initiatives preferred
Experience working within control frameworks, risk management frameworks, risk register or controls assurance
Ability to multi-task and manage multiple work efforts at once
Ability to report and track project deliverables
Experience driving projects across multiple technology teams in large complex organizations
CereCore was formed in 2001 as a shared service business within a large hospital operator. We focus solely on helping healthcare organizations align business and IT strategies to improve processes and patient care.
Awards and Recognition
Modern Healthcare selected CereCore as one of the 2020 and 2021 "Best Places to Work in Healthcare."
CereCore wins ClearlyRated's 2020 and 2021 "Best of Staffing" Client and Talent Awards for Service Excellence.
HCA Workplace Measures Up & Earns Computerworld 2017 "Best Places to Work in IT Award," an award we’ve earned since 2009.
Our Commitment to Diversity and Inclusion We believe excellence in healthcare starts with a foundation of inclusion, compassion and respect for our patients and each other. We are committed to fostering a culture of inclusion across all areas of our organization. We are an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.