View all jobs

Information Security Remediation Analyst

Remote or Nashville, TN
Classification: Contract
Contract Length: 12-months
Job ID: 

At CereCore, our heart for healthcare is interconnected with our knowledge of technical solutions, creating a vital link that ultimately drives the delivery of high-quality care. CereCore is a wholly-owned subsidiary of Hospital Corporation of America (HCA) Healthcare.   

CereCore is seeking an Information Security Remediation Analyst to join the HCA Information Protection & Security (IPS) team in Nashville, TN. This individual will work on-site at one of the nation's leading providers of healthcare services, HCA Healthcare. This individual will work directly on the Crown Jewels project, which is an effort dedicated to reporting on and improving the security posture of several mission critical information assets at HCA Healthcare.

Responsibilities:  ​
  • Collect and analyze various types of risk assessment reports and outputs from automated data sources conducted by HCA Healthcare personnel that can be used to report risk on HCA Crown Jewel systems or other key risk areas
  • Review, understand and aggregate the relevant findings/issues (e.g., IT security vulnerabilities, gaps in security compliance, control deficiencies) from these reports into a dedicated data collection location and structure
  • Collaborate with the project teams, subject matter experts (SME), and other applicable stakeholders to interpret and validate finding legitimacy and the open/closed status of findings
  • Collaborate with IPS Data Analyst to visualize the findings  in a dedicated dashboard tailored to specific stakeholder audiences (e.g., Product Owner, Business Owner, Control Owners) responsible for each finding
  • Normalize findings against the IPS Risk Management framework and control catalog, organize them by risk rating and resource lift, and identify the appropriate SME who can help the Product Owner team remediate the finding
  • Present the findings dashboards to key stakeholders and work to help them understand the risk framework and priorities
  • Liaise with the Enterprise Vulnerability Remediation team and other solution teams to investigate known remediations for identified issues
  • Facilitate coordination between enterprise stakeholders to resolve findings or accept risk
  • Maintain regular contact with Control Owners and Product Owners to determine status of remediation efforts
  • Track findings or risk acceptance to completion within the structured data set
  • Identify and document opportunities for process improvement and innovation to improve remediation efforts
  • Escalate unresolved issues with technology or personnel to team management as needed
  • Other assigned duties related to the Crown Jewels project or general findings intake work  as needed

Position Requirements:
  • 5+ years of related experience
  • 3+ years of experience with Information Security/Cyber Security/IT Security Controls/IT Controls Audit project initiatives preferred
  • Experience working within control frameworks, risk management frameworks, risk register or controls assurance
  • Ability to multi-task and manage multiple work efforts at once
  • Ability to report and track project deliverables
  • Experience driving projects across multiple technology teams in large complex organizations
CereCore was formed in 2001 as a shared service business within a large hospital operator. We focus solely on helping healthcare organizations align business and IT strategies to improve processes and patient care. 

Awards and Recognition  
Our Commitment to Diversity and Inclusion
We believe excellence in healthcare starts with a foundation of inclusion, compassion and respect for our patients and each other. We are committed to fostering a culture of inclusion across all areas of our organization.  We are an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


More Openings

ETL Developer
Tech Analyst

Share This Job

Powered by