Mercy Health - Richmond, VA

posted 12 days ago

Full-time - Mid Level
Remote - Richmond, VA
Ambulatory Health Care Services

About the position

The Cybersecurity Assurance Assessor at Bon Secours Mercy Health is responsible for evaluating the system and network environments of the health system to implement effective cybersecurity programs and strategies. This role involves determining security controls, managing compliance assessments, and conducting comprehensive assessments of security controls to ensure adherence to industry standards and regulations. The position is remote, requiring the candidate to reside within the continental US and work Eastern Time Zone hours.

Responsibilities

  • Communicate and ensure that programs comply with applicable laws, regulations, policies, and standards.
  • Serve as subject matter expert to internal business and technology teams on compliance standards influenced by regulatory mandates.
  • Actively participate and manage various assessments such as HITRUST, PCI Compliance, HIPAA Risk Assessment, SOC2 Type2.
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend corrective actions.
  • Document best practices for security and information assurance based on business and user requirements.
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Conduct risk analysis whenever an application or system undergoes a certification process.
  • Provide input into the Risk Management Framework process activities and related documentation.
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks.
  • Develop methods to monitor and measure risk, compliance, and assurance efforts.
  • Perform internal control testing and ensure remediation plans are in place for identified vulnerabilities.
  • Contribute to other Information Risk and Assurance programs and functions as needed.
  • Accountable for the reporting of key metrics as defined by the program.

Requirements

  • Bachelor's Degree in Business, Computer Science, Information Systems, or a healthcare-related field (required).
  • Licensing/Certification: HITRUST CCSFP and/or PCI-P (required); PCI-ISA, CISSP, CRISC, CISM or GSLC preferred.
  • Minimum of 5+ years' relevant work experience in information security and/or services in a multi-facility organization.
  • 2+ years' experience as a Security Control Assessor.
  • 2+ years' experience managing external assessments such as HITRUST, PCI Compliance, HIPAA Risk Assessment, SOC2 Type2.
  • 1+ years' experience with project management.
  • 1+ years' working remotely.

Nice-to-haves

  • SANS GIAC certifications (preferred).
  • Experience in clinical or health care operations.

Benefits

  • Comprehensive, affordable medical, dental and vision plans
  • Prescription drug coverage
  • Flexible spending accounts
  • Life insurance w/AD&D
  • Employer contributions to retirement savings plan when eligible
  • Paid time off
  • Educational Assistance