Description
Introduction
Experience the HCA Healthcare difference where colleagues are trusted, valued members of our healthcare team. Grow your career with an organization committed to delivering respectful, compassionate care, and where the unique and intrinsic worth of each individual is recognized. Submit your application for the opportunity below: Marketing BISO, HCA Healthcare
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
Free counseling services and resources for emotional, physical and financial wellbeing
401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
Employee Stock Purchase Plan with 10% off HCA Healthcare stock
Family support through fertility and family building benefits with Progyny and adoption assistance.
Referral services for child, elder and pet care, home and auto repair, event planning and more
Consumer discounts through Abenity and Consumer Discounts
Retirement readiness, rollover assistance services and preferred banking partnerships
Education assistance (tuition, student loan, certification support, dependent scholarships)
Colleague recognition program
Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)
Note: Eligibility for benefits may vary by location.
We are seeking a Marketing BISO for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!
Job Summary and Qualifications
The Business Information Security Official (BISO) leads the Information Protection & Security (IPS) program for HCA Healthcare's Marketing and Corporate Affairs Department. This position helps the organization arrive at appropriate risk-based decisions that balance operational needs and security risks. They oversee the assessment of security controls and work with appropriate leadership to address deficiencies. The BISO understands security and privacy risks and is able to effectively communicate those to all levels of the organization.
The BISO must be capable of working closely with senior management, third parties, technical support teams, project managers, and business subject matter experts (SMEs). Additionally, the BISO must be able to translate cybersecurity issues to each of these stakeholders in a way they understand.
The BISO must have a technical background and be able to understand technologies, their purpose, and their security requirements and data protection needs. The BISO should also understand cyber threats, risk mitigation strategies, and the technical and procedural controls necessary to reduce these risks.
Major Responsibilities:
Risk Management
Maintain strategic relationships with key stakeholders to build security and privacy in business objectives and IT processes.
Lead their security risk management program, using IPS provided tools and templates, to assure the presence and effectiveness of administrative, technical, and physical controls.
Guide risk-based decisions by appropriate decision-makers that focus on preventing or correcting identified security and privacy risks through implementation of reasonable controls.
Provide leadership and oversight for any acquisition or divestiture due diligence efforts
Represent IPS needs in strategic planning, budgeting, and work prioritization.
Collaborate with other security leaders to ensure program consistency.
Stay abreast of new laws, regulations and standards, and assess their impact on the business.
Issues Tracking and Resolution
Respond to potential security threats and lead any event response activities.
Partner with corporate departments and/or external entities (e.g., law enforcement) as required to facilitate rapid response to security events.
Partner with HR Director, FPO, Legal, and ECO on cross-disciplinary incident investigation and reporting.
Partner with IT colleagues to assure ongoing maturity of IT operational security controls.
Lead follow-up education and consultation activities for workforce members with risky behaviors and/or behaviors that violate IPS policies and standards.
Execution
Lead and coordinate the implementation of process and technology changes necessary for program compliance.
Review and approve security exception requests.
Ensure proper vendor contracts and security terms are in place for systems, devices, and services.
Build and maintain relationships necessary to influence decisions that protect the company.
Educate workforce members on how to reduce or eliminate risky behaviors.
Partner with appropriate business and IT leadership to help ensure systems, services, and devices receive appropriate assessments and remediation as part of local on-boarding processes.
Partner with business and IT leadership to ensure proper controls are in place for existing vendor-maintained solutions.
Communication
Presentation of IPS program objectives, project statuses, and current risks to appropriate leadership and other stakeholders
Facilitate, and lead where appropriate, IPS communication and awareness activities.
Performs other duties as assigned
Education & Experience:
Bachelor's degree required
Master's degree preferred
10+ years of experience in information security or security risk management fields required
4+ years of experience working with business leadership and enterprise projects required or equivalent combination of education and/or experience
Licenses, Certifications, & Training:
CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy required
Required Knowledge, Skills, Abilities, Behaviors:
Experience in some combination of audit, risk management, information security, privacy, and information technology.
Experience in marketing technologies (e.g., CRM, CMS, SEO) preferred
Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices
Experience with relevant regulations (e.g., HIPAA, SOX, PCI, GLBA, FERPA) and applying these to identify appropriate controls necessary to maintain compliance
Strong leadership skills, personal drive, and the ability to see projects through to execution in a matrixed environment.
Demonstrated experience in building and maintaining positive relationships at all levels of the organization.
Exceptional communication, presentation, and interpersonal skills with executive management.
Possesses confident leadership skills: decisiveness, assertiveness, with the ability to achieve results quickly.
Demonstrates a high degree of initiative, dependability, and the ability to work with minimal supervision.
Possesses a sense of responsibility and accountability - someone who takes ownership and initiative.
Creative thinker, always looking for a "better way" to deliver value; not stopped or discouraged by adversity.
Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions.
Maintains professional demeanor, appearance, and positive attitude.
Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.
Travel Required
Occasional Travel: The job may require travel from time to time, but not on a regular basis.
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"There is so much good to do in the world and so many different ways to do it." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
If you find this opportunity compelling, we encourage you to apply for our Marketing BISO opening. We promptly review all applications. Highly qualified candidates will be directly contacted by a member of our team. We are interviewing. Apply today!
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.