Posted: Saturday, February 25, 2017 1:44 AM
At its founding in 1968, Nashville-based HCA was one of the nation's first hospital companies. Today, one of the nation's leading providers of healthcare services, HCA is comprised of locally-managed facilities that include more than 250 hospitals and freestanding surgery centers in 20 states and the United Kingdom, employing approximately 230,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities resulting in more than 26M patient encounters each year. HCA is committed to the care and improvement of human life and strives to deliver high quality, cost effective healthcare in the communities we serve. Building on the foundation provided by our Mission & Values, HCA puts patients first and works to constantly improve the care we provide by implementing measures that support our caregivers, help ensure patient safety and provide the highest possible quality.

Additional Facts:
• Ranked 63 in Fortune 500
• Competitive Fortune 100, industry matched salaries and yearly merit increase
• Computerworld Top 50 Best Places to Work in IT since 2009
• Named one of the “World’s Most Ethical Companies” since 2010
• 106 HCA hospitals are on The Joint Commission’s list of top performers on key quality measures

Summary of Duties
The Zone Facility Information Security Official (FISO) is responsible for leading, driving and, in some cases, implementing Information Security (IS) activities and measures in company facilities supported by the division, under the supervision of the Division Director of Information Security Operations (DISO).

Facilities
These include hospitals, company-managed physician offices, Consolidated Service Centers (CSCs), Ambulatory Surgery Division (ASD) centers and certain other facilities in the division. Depending on the IT model and complexity of the division, the Zone FISO may be assigned to lead and drive IS activities in a few facilities or possibly all facilities in a market or division.
IS Activities
These activities are part of the enterprise (company-wide) and division-specific IS programs and operations. IS activities at the facility-level are primarily based on: (a) ongoing IS work and expectations outlined in the company's IS policies, standards, and guidance documents, (b) new and/or prioritized IS work in the Facility IS Action Plans from the Corporate IS Department, and (c) IS aspects in projects from the IS Department, IT&S Department, Business Units and Division.

Enterprise IS Program
The enterprise (company-wide) IS program is led by the VP & CISO and IS Department in IT&S. Together with the DISO, the Zone FISO is the "face" of the enterprise and division IS programs to facility leadership, workforce members, and other people and entities (e.g., physicians and certain vendors) affiliated with the facility. The Zone FISO is responsible for implementing the company's organizational IS agenda, championing improvements to reduce IS risks to patients and business operations in the facility, and serving as a bridge between the division and the facility.

Division IS Program
The division IS program is led by the DISO. The division program includes implementation plans and activities for the enterprise IS Program and projects, and division-specific IS plans, activities and projects. Like the enterprise IS Program, the Zone FISO is responsible for leading, driving and ensuring the division IS program is implemented in the Zone FISO's assigned facilities.

Facility IS Program
Generally, the facility IS program and facility IS activities are based on implementation and ongoing, operational compliance with company IS requirements. These activities include both Information Technology (IT) and non-IT related areas. In addition, all facility workforce members have a role regarding IS. The Zone FISO is responsible for leading, driving and helping the facility and facility workforce members appropriately comply with the company's IS requirements.
Approach
The Zone FISO drives the results the company wants by extending the reach of the enterprise IS program into facilities. This includes developing IS processes, building staff awareness and competencies for security, and effectively collaborating across boundaries to ensure enterprise IS goals and company priorities are met and business value is realized.

Relationships
This role requires extensive focus on building and expanding relationships with key stakeholders such as Facility leadership, Facility workforce members, Physicians, Division leadership, Division IT team, other Zone FISOs, IS department, business partners and vendors, and other people and entities who support the IS objectives and activities at the facility.

Other
The Zone FISO must have and will use a combination of skills including IT technical skills, IS knowledge, people relating skills, written and verbal communication skills, interpersonal skills and the ability to develop, communicate and follow processes to get technical and non-technical work accomplished.

Duties Include But Are Not Limited To

Lead, drive and implement (where appropriate) IS activities in the facility
Provide leadership, drive implementation and drive ongoing compliance in the facility with IS requirements including IS policies and standards, HIPAA Security activities, Facility IS Action Plans, division IS program activities, enterprise IS program, and facility-specific needs. In conjunction with the appropriate division and facility teams, address IS issues identified by the facility, by the division, by corporate groups including Internal Audit or the IS Department, and by outside entities including auditors (e.g., CMS HIPAA Security audits). Work with Facility leadership, HDISs, LSCs, and facility staff to drive the accomplishment of IS goals. Help coordinate non-IT IS work and responsibilities at the facility.
Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IS issues are applied appropriately and consistently. Bridge the distance between the HCA information security group and the facility through collaboration, coordination, communication, and operating as part of each.

IS Account Management
For facility and department managed applications, ensure that application administrators are aware of and adhere to company account management requirements. Ensure Appropriate Access and other user access reviews occur in the facility in accordance with company guidelines.

IS Project Execution
Lead and coordinate implementation of IS technologies and projects in the facility. Ensure progress and completion of identified tasks in the Facility Information Security Plan.

Issues Tracking and Resolution
Track and drive resolution of facility IS issues. Provide technical expertise to resolution of IS issues in the facility. Coordinate facility troubleshooting of issues and questions. Support and coordinate incident response activities involving the facility. Monitor resolution of IS alerts in the facility (e.g., Spyware, SMART anomalies, invalid Social Security Numbers). Respond to user related threat events in the facility by working with the respective department manager to facilitate user awareness. Ensure issues in IS reports are addressed (e.g., SAPortal reports, Passport reports, SecurID activity reports, Internal Audit Self-Monitoring Report). In conjunction with the division IT team, ensure corporate-mandated service packs, patches and hotfixes are applied to facility servers and workstations within the defined time periods. Provide facility-level reporting to the DISO to identify and act on facility-specific IS issues.

IS Risk Management
Lead risk management processes and decision-making involving each facility, within the framework established in the enterprise IS program.
Ensure the designated facility committee (e.g., Facility Security Committee, Facility Ethics & Compliance Committee) receives, documents, tracks, investigates and acts on suspected IS breaches and complaints. Perform walkthrough of the facility to identify potential or actual IS issues on at least a quarterly basis (e.g., physical security of MDF/IDFs; active sessions on unattended workstations; posted passwords). Work with facility personnel and the DISO to complete, submit, and track Security Exception Request Forms (SERFs). Team with facility and division personnel to remediate system issues that are noted in approved SERFs.

IS Vendor Systems Security
Coordinate IS activities with vendors at the facility. Ensure proper vendor contracts are in place for division and facility IT systems and services. Ensure division and facility-specific IT systems and services receive proper assessments before implementation. Ensure implementation of specified IS architectures for enterprise vendors (e.g., anti-virus, logging, auditing, authentication, authorization, configuration management, encryption and remote access management/monitoring). Ensure vendor systems use approved connectivity, remote management and monitoring.

IS Communication
Facilitate, and lead where appropriate, IS communication and awareness in the facility. Coordinate with the facility HR and training departments to ensure that periodic workforce training includes company-required IS content (e.g., protection from malicious software; procedures for monitoring log-in attempts and reporting discrepancies; procedures for creating, changing, and safeguarding passwords; procedures for reporting security incidents).

Represent Facility IS Needs to Division
Serve as the advocate for IS in facility planning. Represent facility needs in division strategic planning, budgeting and work prioritization.
Identify development in the IT&S IS department services and operations needed to resolve IS operational issues in the facility.

Support division IS initiatives and the DISO
Assist the DISO in driving key elements in the enterprise and division IS programs at the facility level.

Other
• Adheres to the Code of Conduct and Mission and Value Statements
• Assists with other duties as assigned.
Click here for more info: https://hca.taleo.net/careersection/0hca/jobdetail.ftl?job=25324-10534&lang=en
• Location: North DFW
• Post ID: 47872454 northdfw