Information Protection and Security Manager - HCA Healthcare
Brentwood, TN 37027
About the Job
Description
Introduction
Do you want to join an organization that invests in you as an Information Protection and Security Manager? At HCA Healthcare, you come first. HCA Healthcare has committed up to $300 million in programs to support our incredible team members over the course of three years.
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
- Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
- Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
- Free counseling services and resources for emotional, physical and financial wellbeing
- 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
- Employee Stock Purchase Plan with 10% off HCA Healthcare stock
- Family support through fertility and family building benefits with Progyny and adoption assistance.
- Referral services for child, elder and pet care, home and auto repair, event planning and more
- Consumer discounts through Abenity and Consumer Discounts
- Retirement readiness, rollover assistance services and preferred banking partnerships
- Education assistance (tuition, student loan, certification support, dependent scholarships)
- Colleague recognition program
- Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
- Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Note: Eligibility for benefits may vary by location.
You contribute to our success. Every role has an impact on our patients’ lives and you have the opportunity to make a difference. We are looking for a dedicated Information Protection and Security Manager like you to be a part of our team.
Job Summary and Qualifications
Are you ready to play a pivotal role in safeguarding the future of information security? As the IPS Field Operations Manager, you will lead the charge in transforming strategies into real-world solutions that protect patients, people, systems, and facilities across the organization.
In this dynamic role, you will assess, report, and enhance the effectiveness of information protection controls, ensuring that any gaps are quickly addressed. Working closely with leadership, you will monitor security events, assist in delivering high-impact security initiatives, and collaborate across departments to implement consistent, efficient solutions.
You'll be the vital link between security committees, business owners, local and corporate leadership, and key stakeholders, including physical security, access, and records teams. Your ability to build strong relationships and influence across various teams will be key in achieving IPS objectives.
You'll also manage and mentor a talented team, including Zone Facility Information Security Officials (ZFISOs), helping to foster a culture of security excellence and prepare for future leadership opportunities.
Skills Needed: Exceptional communication, leadership, and interpersonal abilities to guide teams and influence the direction of our Information Protection & Security programs.
If you're ready to take your career to the next level and make a lasting impact in a cutting-edge, security-driven environment, this is the role for you!
Major Responsibilities:
Risk Management
- Support implementation and management of governance structures for each in-scope entity (e.g., Security Committees) to facilitate an effective, efficient, and standardized approach that aligns with the HCA Information Protection & Security Program (executive dashboards, agendas, minutes, etc.)
- Partner with FPO, ECO, physical security, and records coordinators on cross-disciplinary activities
- Identify, establish, and maintain strategic relationships with key stakeholders to help increase maturity of the IPS program throughout business or IT operational processes, projects, and other initiatives.
- Lead facility-specific information risk management programs to assure the maturity of administrative, technical, and physical controls using corporate-provided tools and templates.
- Partner with FPO and/or ECO to assure that entities are able to respond to time-sensitive notifications by providing evidence of the administrative controls (e.g., documented operational procedures to comply with HIPAA).
- Drive risk-based decisions by key decision-makers that focus on preventing (or correcting) identified security risks to the business through implementation of reasonable administrative, physical, and/or technical controls.
- Represent IPS needs in strategic planning, budgeting, and work prioritization.
- Collaborate with DISAs in other divisions and corporate IPS to ensure consistency of IPS program and solutions.
Issues Tracking and Resolution
- Manage operational processes that monitor and respond to potential security threats.
- Partner with corporate departments and/or external entities (e.g., law enforcement) as required to facilitate rapid response to security events.
- Partner with HR Director, Facility Privacy Official, Legal, and Ethics & Compliance Officer on cross-disciplinary incident investigation and reporting.
- Lead follow-up education and consultation activities for workforce members with risky behaviors and/or behaviors that violate IPS policies and standards.
Execution
- Round to build and strengthen relationships with workforce members at all levels and to educate staff on how to reduce or eliminate risky behaviors.
- Champion key elements in the enterprise and division IS programs (e.g., account management) to ensure that required processes are adopted and maintained.
- Lead and coordinate implementation and adoption of business process changes and technologies necessary to support IPS annual program goals or strategic objectives.
- Oversee processes for review and approval of user requests for high-risk access.
Vendor Systems Security
- Ensure proper vendor contracts are in place for assigned IT systems and services.
- Partner with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure division and facility-specific systems, services, and devices receive proper security assessments and remediation.
- Partner with business, purchasing, and IT leadership to ensure proper controls are in place for existing vendor-maintained solutions.
What qualifications you will need:
- Bachelor's degree - Required
- Master's degree - Preferred
- 7+ years of management experience - Required
- 7+ years of experience in security risk management, information security technologies, and/or hospital operations - Required
Licenses, Certifications, & Training:
- CISSP, CISA, HCISPP, CHC, CHPC, CHSP, CISM or other relevant certifications in information security or privacy - Preferred
Work Location/Schedule:
- Nashville, TN area (Brentwood Health Park)
- M-F in office
Travel:
- This job requires little to no travel
We are comprised of affiliated hospitals, physician practices and other sites of care across the United States and United Kingdom. The Sarah Cannon Cancer Network is transforming cancer care through integrated services and cutting-edge technologies. Our physicians can develop leading oncology programs to advance science and patient care. Providing physician-led patient care offers our doctors access to a national network of experts. This is where multidisciplinary teams come together with a goal of delivering seamlessly coordinated, quality cancer care. Through a united network of globally recognized oncology specialists, we collaborate and share best practices. We address each aspect of the cancer journey, from screening and diagnosis through treatment and survivorship, to advance our shared mission: Above all else, we are committed to the care and improvement of human life.
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"Good people beget good people." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
We are a family of 270,000 dedicated professionals! Our Talent Acquisition team is reviewing applications for our Information Protection and Security Manager opening. Qualified candidates will be contacted for interviews. Submit your resume today to join our community of caring!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.