Hope in healing
Cancer Treatment Centers of America® (CTCA®) takes a unique and integrative approach to cancer care. Our patient-centered care model is founded on a commitment to personalized medicine, tailoring a combination of treatments to the needs of each individual patient. At the same time, we support patients’ quality of life by offering therapies designed to help them manage the side effects of treatment, addressing their physical, spiritual and emotional needs, so they are better able to stay on their treatment regimens and get back to life. At the core of our whole-person approach is what we call the Mother Standard® of care, so named because it requires that we treat our patients, and one another, like we would want our loved ones to be treated. This innovative approach has earned our hospitals a Best Place to Work distinction and numerous accreditations. Each of us has a stake in the successful outcomes of every patient we treat.
The Senior Cyber Security & Risk Administrator is responsible for performing detailed risk assessments on new and proposed systems that will handle CTCA data. Will also be responsible for addressing alerts from all of IT Security’s monitoring tools. This includes the enterprise logging, data loss prevention tools, and vulnerability scanning tools. They will be responsible for tracking and pursuing remediation on all items in the Risk Management Log. They will mentor the Risk Administrator with response to this material as appropriate: correcting technical issues, escalating application problems, escalating business process issues, or identifying false positives. They will be responsible for assessing and escalating issues as appropriate.
The position will participate in policy development, project management, and will be able to act as back-up for the IT Security Director.
- Performing detailed risk assessments upon all systems that are to contain CTCA data, whether on prem or cloud based. These risk assessments include guiding prospective partners through a risk questionnaire which covered numerous security topics and regulatory requirements. The assessments will be tracked, and reviewed on a regular basis, and updated as appropriate.
- Administers the enterprise logging and data loss prevention tools so as to enable efficient identification of issues requiring escalation. Identify events as acceptable business practice, or a "false positive".
- Assists with investigations requiring data from the enterprise logging, data loss prevention, and other security tools.
- Participating in penetration testing, security audits, and investigations in support of business objectives, compliance, and best practices.
- Represent Information Security Team in projects, and ensure adherence to CTCA Security policies, standards, and protocols.
- Keep current with evolving security threats, and remediation techniques.
- Maintain the enterprise risk registry
- Generate risk reports for senior leadership
- Associate’s Degree in Computer Science or Computer Engineering is required; a Bachelor’s Degree in Computer Science or Management is preferred.
- Certified Information Systems Security Professional (CISSP) is preferred.
- Cisco Certified Security Professional (CCSP) is preferred.
- Cisco and Microsoft Network certifications are preferred.
- 8+ years of IT experience is required; 5 of those years working in the area of Information Technology Security.
- Experience performing in-depth security investigations is required
- Experience with performing either security audits, or risk assessments is required.
Knowledge and Skill Requirements
- Detailed knowledge of HIPAA and PCI security requirements
- Advanced understanding of NIST security standards
- Familiarity with applicable practices and laws regulating data privacy and protection
- Advanced knowledge of current threat landscape, and the ability to stay current on risk issues
- Advanced knowledge of cloud-based security issues
- Advanced knowledge of application security best practices
- Advanced knowledge of network security best practices
- Advanced knowledge of endpoint and server best practices
- Ability to identify and recommend compensating controls for identified security risks
- Hands-on knowledge of data loss prevention systems, vulnerability scanners, centralized logging / SEIM tools, and other security infrastructure components
- Superior communication skills, with the ability to translate security related issues to non-technical personnel.