Consulting/Lead Information Protection Analyst

HCA   •  

Nashville, TN

Industry: Agriculture


8 - 10 years

Posted 381 days ago

At its founding in 1968, Nashville-based HCA was one of the nation's first hospital companies. Today, one of the nation's leading providers of healthcare services, HCA is comprised of locally-managed facilities that include more than 250 hospitals and freestanding surgery centers in 20 states and the United Kingdom, employing approximately 230,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities resulting in more than 26M patient encounters each year.   HCA is committed to the care and improvement of human life and strives to deliver high quality, cost effective healthcare in the communities we serve. Building on the foundation provided by our Mission & Values, HCA puts patients first and works to constantly improve the care we provide by implementing measures that support our caregivers, help ensure patient safety and provide the highest possible quality.   Additional Facts: • Ranked 63 in Fortune 500
• Computerworld Top 50 Best Places to Work in IT since 2009
• Named one of the “World’s Most Ethical Companies” since 2010
• 106 HCA hospitals are on The Joint Commission’s list of top performers on key quality measures

The Consulting Information Protection Analyst works alone or with a wide range of IT departments, business partners, and key stakeholders to transform Information Protection and Security strategies into solutions that protect the confidentiality, integrity, and availability of systems and information. He or she serves as a liaison between business owners, stakeholders, IPS leadership, and IT&S leadership. This person is responsible for the assisting with the planning, communication, and delivery management of key initiatives within Information Protection & Security. This role will primarily focus on the protection of “big data” throughout the company.

The Consulting Information Protection Analyst will serve as a subject matter expert on Information Protection principles and the solutions being implemented. They are accountable for performing or leading a team through a wide range of tasks, including: participating in strategy planning; driving requirements definition; product selection; project initiation; implementation planning; pilot; and enterprise deployment. This person must establish credibility with other business owners, stakeholders, IPD leadership, and IT&S leadership. They are responsible to each of these groups to clearly identify and articulate solutions and build consensus to select and drive the implementation of solutions and processes required to realize the company’s information protection strategies. The Consulting Information Protection Analyst will also be the evangelist that will help other organizations plan and drive action plans to protect their sensitive information.

A key strength to this position will need to demonstrate a strong understanding of Information Protection subject areas and be able to communicate to both technical and business owners. This senior person will work directly with the IPS Strategy and Governance organization and IT&S Information Security to identify, document, and communicate strategies and action plans. They will then drive the execution of the strategy.


• Serve as the primary point of contact for assigned Information Protection & Security initiatives; primary responsibility for performing and/or driving implementation of key Information Protection & Security solutions to protect big data.

• Research, recommend, gain support and approval for, and drive implementation of technology and processes necessary to transform Information Protection & Security strategy into operational security solutions.

• Provide leadership, team management, and delivery management for assigned Information Protection & Security initiatives.

• Provide leadership in project conception and initiation including but not limited to: project charter development, business case creation, and representing the project during governance reviews.

• Lead a team through the process to evaluate vendors and perform product selection, including: RFI and RFP creation and scoring; proof of concept planning and execution; and final product selection
• Develop and lead communication within all business units on assigned Information Protection & Security projects, initiatives, and priorities across a variety of audiences including IT&S and non-IT&S Executive Leadership, management, and staff.

• Develop and foster relationships with business owners and stakeholders involved with Information Protection initiatives.

• Document and execute opportunities for process improvement and innovative process reengineering, including a focus on increasing and maximizing utilization of existing technology.

• Serve as a subject matter expert on Information Protection principles, policies, standards, and the solutions being implemented.


Qualified candidates will have 7+ years of relevant work experience.

Experience in security technologies, database management, project management, and/or Healthcare preferred.

College graduatepreferred;experience may be substituted foreducation.



• Experience in some combination of audit, risk management, information security, privacy, and information technology in a healthcare environment.
• Experience with Teradata, Cloudera, Azure and other big data platforms.
• Solid experience with and knowledge of Federal, HIPAA and other healthcare security regulations.
• The ability to create strong relationships – at all levels.
• Excellent written and verbal communication skills; interpersonal and collaborative skills; the ability to communicate privacy, security, and risk-related concepts to technical and nontechnical audiences; persuasive, encouraging, motivating, and inspiring; the ability to listen and understand.
• Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices.
• Exposure to strategy, management, and/or operations in a number of healthcare and/or business functional areas.
• Independent, yet collaborative; respected by peers and others.
• The ability to think and act: decisiveness, assertiveness, with the ability to achieve results quickly.
• High degree of initiative, dependability, and the ability to work with minimal supervision.
• A sense of responsibility and accountability – someone who takes ownership and initiative.
• Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.
• Mission Motivated – intent on making a positive difference in HCA’s primary mission – care of human life – through our work.
• Respect for diversity of experience, characteristics, viewpoints, and opinions.
• Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.
• Professional demeanor, appearance, and positive attitude.
• Ability to define, learn, understand, and apply new technologies, methods, and processes.
• Proven project and performance management skills.
• CISSP preferred
• Other certifications such as CISA, HCISPP, CHC, CHPC, CHSP, and/or CISM are beneficial.

Job Code: 10201-22475