Zone Facility Information Security Official (ZFISO)

Nashville, TN
Classification: Contract 
Contract Length: 12 months 

Job ID: 16433583
Location: Nashville, TN
CereCore® provides EHR implementations, IT and application support, IT managed services, technical staffing, strategic IT consulting, and advisory services to hospitals and health systems nationwide. Our heritage is in the hallways of some of America’s top-performing hospitals. We have served as leaders in finance, operations, technology, and as clinicians turned power users and innovators. At CereCore, we know firsthand the power that aligned technology can provide in delivering care. As a wholly-owned subsidiary of HCA Healthcare, we are committed to bringing the expertise we have gained as operators to deliver IT services that emphatically address the needs of health systems across the United States. Our team of over 600 clinical and technical professionals has implemented EHR systems in more than 400 facilities and provides managed services support to tens of thousands of health system employees. We work tirelessly to provide healthcare organizations specialized IT services that support the delivery of patient care. The Link to Life-Saving Care. 

CereCore is seeking a Zone Facility Information Security Official to join our team in Nashville, TN. This individual will work at one of the nation's leading providers of healthcare services, HCA Healthcare.

Summary:
The Zone Facility Information Security Official is a shared role across a market, responsible for leading, driving, and, in some cases, implementing Information Protection & Security (IPS) activities in company entities under the supervision of the Division Director of Information Security Assurance (DISA) or a Manager, Consulting, or Senior ZFISO. He or she serves as a liaison between local leadership and IPS leadership.

Under general supervision from the DISA, they are responsible for performing a wide range of tasks that support the ongoing maturation of the IPS program including driving consistency and visibility of IPS risk management activities; working with business owners to protect patients and prevent data loss; and rounding with local leadership to reduce or eliminate risky behaviors. They are responsible for helping workforce members appropriately comply with the company’s IPS requirements.

This role requires extensive focus on building and expanding relationships with key stakeholders such as local leadership; workforce members; physicians; IT teams; business owners; vendors; and other people and entities who support IPS objectives and activities.

The ZFISO must have a combination of skills including written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.

 In this position you will:
  • Coordinate and perform risk assessments using corporate-provided tools and templates.
  • Drive and manage execution of corrective action plans to address deficiencies identified during risk assessments.
  • Ensure the designated committee (e.g., Security Committee, Ethics & Compliance Committee) receives, documents, tracks, investigates, and sponsors remediation of security control deficiencies, suspected IPS incidents, and complaints. Provide education and guidance to ensure these committees make informed, risk-based decisions necessary to balance business needs and security objectives.
  • Represent IPS needs in strategic planning, budgeting, and work prioritization processes.
  • Drive ongoing compliance with IPS policies, standards, and operational procedures.
  • Work with local leaders to submit and approve exceptions to IPS standards.
  • Lead audit response activities to address IPS issues identified by Internal Audit or external auditors (e.g., CMS HIPAA Security audits).
  • Support, coordinate, and manage incident response and investigation activities.
  • Investigate information leaving the organization with appropriate leadership (i.e., Manager, ECO, HR, Legal).
  • Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IPS issues are applied appropriately and consistently.
  • Perform follow-up education and consultation with workforce members with risky behaviors and/or behaviors that violate Company policies and standards.
  • Round to build and strengthen relationships with workforce members at all levels and to educate staff on how to reduce or eliminate risky behaviors.
  • Facilitate, and lead where appropriate, proactive IPS communication and awareness activities including coordinating with HR and training departments to ensure that periodic workforce training includes company required IPS content.
  • Assist with and manage the review and approval of user requests for high-risk access.
  • Assist the Division DISA in driving key elements in the enterprise and division IS programs to ensure that required processes are adopted and maintained.
  • Lead and coordinate implementation and adoption of technology and processes changes.
  • Collaborate with system business owners to ensure vendor contracts are in place for department and IT systems and services.
  • Work with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure specific systems, services, and devices receive proper security assessments and remediation.
  • Work with business, purchasing, and IT stakeholders to ensure proper controls are in place for existing vendor-maintained solutions.
  • Work with system business owners and vendors to document system vulnerabilities and document mitigation controls or remediation actions.
  • Ensure vendor systems use approved connectivity, remote management and monitoring.

Requirements:
  • Bachelor's degree and 3+ years of experience in a relevant field or High School Graduate/Equivalent and 6+ years of experience in a relevant field
  • Experience in technical security analysis.
  • Experience in some combination of audit, risk management, information security, privacy, and information technology.
  • Possesses the ability to build and maintain positive team relationships at all levels of the facility, market, and corporate levels.
  • Possesses a sense of responsibility and accountability – someone who takes ownership and initiative.
  • Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.
  • Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions.
  • The job may require up to 20-25% travel.
  • CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy preferred
  • Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices preferred.
  • Exposure to management and/or operations in a number of healthcare business or IT functional areas preferred.
  • Knowledge of information security regulations (HIPAA Privacy/Security, Sarbanes-Oxley IT controls, Payment Card Industry (PCI)) preferred.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.