At its founding in 1968, Nashville-based HCA was one of the nation's first hospital companies. Today, one of the nation's leading providers of healthcare services, HCA is comprised of locally-managed facilities that include more than 250 hospitals and freestanding surgery centers in 20 states and the United Kingdom, employing approximately 233,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities resulting in more than 26M patient encounters each year. HCA is committed to the care and improvement of human life and strives to deliver high quality, cost effective healthcare in the communities we serve. Building on the foundation provided by our Mission & Values, HCA puts patients first and works to constantly improve the care we provide by implementing measures that support our caregivers, help ensure patient safety and provide the highest possible quality.
• Ranked 63 in Fortune 500
• Competitive Fortune 100, industry matched salaries and yearly merit increase
• Computerworld Top 50 Best Places to Work in IT since 2009
• Named one of the “World’s Most Ethical Companies” since 2010
JOB SUMMARY
The Consulting Information Protection Analyst works alone or with a wide range of IT departments, business partners, and key stakeholders to transform Information Protection and Security’s medical device security strategies into solutions that protect the confidentiality, integrity, and availability of medical device systems and information. He or she serves as a liaison between business owners, stakeholders, IPS leadership, and IT&S leadership. This person is responsible for assisting with the planning, communication, and delivery management of key medical device security initiatives within Information Protection & Security. The Consulting Information Protection Analyst will serve as a subject matter expert on medical device security principles and the solutions being implemented. They are accountable for performing or leading a team through a wide range of tasks, including: participating in strategy planning; driving requirements definition; product selection; project initiation; implementation planning; pilot; and enterprise deployment. This person must establish credibility with other business owners, stakeholders, IPD leadership, and IT&S leadership. They are responsible to each of these groups to clearly identify and articulate solutions and build consensus to select and drive the implementation of solutions and processes required to realize the company’s medical device security strategies. The Consulting Information Protection Analyst will also be the evangelist that will help other organizations plan and drive action plans to protect their sensitive information and systems. A key strength for this position is a strong understanding of information protection subject areas, including medical device security, and the ability to communicate with both technical and business owners.
This senior person will work directly with the IPS Strategy and Governance organization and IT&S Information Security to identify, document, and communicate strategies and action plans. They will then drive the execution of the strategy.
• Serve as primary lead for driving the implementation of new or refined processes, technologies, policies, and standards that improve the cybersecurity of medical devices, industrial control systems, and other key Information Protection & Security initiatives as assigned.
• Strategize, gain support and approval, and remove obstacles necessary to support the successful implementation of assigned medical device security initiatives.
• Research, consult, and evaluate security risks to assigned medical device security initiatives; provide recommendations and leadership towards remediating or mitigating identified risks.
• Serve as the primary point of contact and subject matter expert for assigned medical device security initiatives.
• Provide leadership and contribution in all phases of assigned projects to include but not limited to: project charter development, business case creation, vendor review and selection, post-process improvement, and representing the project during governance reviews.
• Develop and lead communication, as well as develop and foster relationships, within all business units on assigned medical device security projects, initiatives, and priorities across a variety of audiences including IT&S and non-IT&S Executive Leadership, management, and staff.
• Provide leadership, team management, and delivery management for assigned medical device security initiatives.
• Serve as a subject matter expert on medical device security principles, policies, and standards; maintain a general knowledge on other, unassigned Information Protection & Security initiatives being implemented.
EXPERIENCE
Qualified candidates must have 7+ years of relevant work experience.
EDUCATION
College Graduate Required Undergrad
Other as Noted: Experience may be substituted for education.
SPECIAL QUALIFICATIONS
• Experience in some combination of audit, risk management, information security, privacy, and information technology in a healthcare environment.
• Solid experience with and knowledge of Federal, HIPAA and other healthcare security regulations.
• The ability to create strong relationships – at all levels.
• Excellent written and verbal communication skills; interpersonal and collaborative skills; the ability to communicate privacy, security, and risk-related concepts to technical and nontechnical audiences; persuasive, encouraging, motivating, and inspiring; the ability to listen and understand.
• Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices.
• Exposure to strategy, management, and/or operations in a number of healthcare and/or business functional areas.
• Independent, yet collaborative; respected by peers and others.
• The ability to think and act: decisiveness, assertiveness, with the ability to achieve results quickly.
• High degree of initiative, dependability, and the ability to work with minimal supervision.
• A sense of responsibility and accountability – someone who takes ownership and initiative.
• Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.
• Mission Motivated – intent on making a positive difference in HCA’s primary mission – care of human life – through our work.
• Respect for diversity of experience, characteristics, viewpoints, and opinions.
• Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.
• Professional demeanor, appearance, and positive attitude.
• Ability to define, learn, understand, and apply new technologies, methods, and processes.
• Proven project and performance management skills.
• CISSP preferred
• Other certifications such as CISA, HCISPP, CHC, CHPC, CHSP, and/or CISM are beneficial.
PHYSICAL DEMANDS/WORKING CONDITIONS
Normal work environment is an office with Windows PCs, various meetings, etc…
Position may require periodic after hours work and moderate travel at times with little notice.