3rd Party Assurance Manager at AdventHealth

Date Posted: 6/22/2019

Job Snapshot

  • Job Schedule
    Full-Time
  • Job Category
  • Job ID:
    19003777
  • Job Family
    Information Systems
  • Travel
    No
  • Shift
    1 - Day
  • Application Zone
    1-Shared Services
  • Organization
    AdventHealth Information Technology

Job Description



3rd Party Assurance Manager

AdventHealth Information Technology

Location Address: Inspiration Avenue, Altamonte Springs FL

Top Reasons To Work At AdventHealth Corporate

•         Great benefits

•         Immediate Health Insurance Coverage

•         Career growth and advancement potential

•         Award-winning IT Department

Work Hours/Shift:

Full-Time, Monday – Friday

 

You Will Be Responsible For:

•         Work collaboratively with department and organizational leadership to define and manage 3rd Party Assurance best practices

•         Establish key performance metrics and report on effectiveness of processes toward achieving goals

•         Develop and enhance vendor toolkit(s) including: risk tier and risk score

•         Develop and continually enhance vendor assessment questionnaires

•         Provide direction and oversight of 3rd Party Information Security workflows, assessment gaps, information security risks, risk levels and remediation recommendations

•         Oversee and direct a variety of security risk assessments with the 3rd party, providing advisory support to the team and corporate sponsors on the evaluation of risks and the development of remediation plans, and working with stakeholders to define and implement process enhancements

•         Oversee and direct vendor remediation planning negotiations

•         Partner with stakeholders to ensure assessments are addressing current and emerging threats, to bring the organization’s information security risks under explicit management control and build assessment and process awareness for sponsors and stakeholders within the organization

•         Drive the enhancement and use of Governance, Risk, and Compliance technology-based tools to review, design and/or deliver services

•         Mentor team members on information security controls, standards, and best practices related to information security and compliance (e.g., PCI-DSS and HITRUST), along with standards, laws, and regulations (e.g., AICPA and HIPAA)

•         Exercise professional judgment by evaluating information, making recommendations, and maintaining confidentiality of data per ADH policies, avoiding conflicts of interest

•         Assist internal/external auditors with special projects or assessments whenever needed

•         Lead and actively support mentoring relationships within the team, department and organization.

•         Ability to elicit and understand customer needs


Qualifications

KNOWLEDGE AND SKILLS REQUIRED:

•         Risk management and compliance program development leveraging HIPAA, FERPA, PCI DSS, Meaningful Use (MU), Information Security awareness, policy and standards

•         3rd Party Assurance Program

•         Information Security Standards and Frameworks such as HITRUST, NIST, and PCI-DSS

•         Strong background in IT service functions such as technical security, network engineering, application development, server administration, database administration, user account administration, identity and access management, and end-point device management

•         Enterprise-wide Information Security controls, IT processes, procedures, testing concepts, and audit reporting

•         Cloud-based application/environment security requirements

•         Interpretation of Generally Accepted Auditing Standards (GAAS), and/or SSAE-16/18 reports

•         Complementing assessments with the knowledge of various technologies to help AHS achieve its information security compliance objectives

•         Negotiation of remediation planning and efforts with the 3rd party

•         Effective verbal and written communication of concerns and recommendations to leadership 

•         Multi-tasking, prioritization, time management, decision making, project management, presentation, and strong interpersonal relationship building

•         Large enterprise system platforms such as EMR/EHR, PeopleSoft, Oracle databases, Windows and UNIX/LINUX

•         Strong background in IT, information security, applications, and/or data centers

•         Build and actively support mentoring relationships within the team, department and organization

•         Leadership in eliciting and understanding customer needs

KNOWLEDGE AND SKILLS PREFERRED:

•         GRC tool development and implementation (Keylight/Archer, highly desirable).

•         Project Management

•         Change Management

EDUCATION AND EXPERIENCE REQUIRED:

•         Bachelor’s degree in Science in Information Security, Information Systems or another related field

•         Ten or more years of experience with Information Security risk assessments or 3rd Party Assurance, and/or Compliance programs

EDUCATION AND EXPERIENCE PREFERRED:

•         Master’s degree - Computer Sciences, Information Systems, Cybersecurity or Business Administration

•         Seven or more years of experience in Information security audit and compliance initiatives within large complex organizations

•         Five or more years of experience in a healthcare environment

 

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

One or more of the following:

•         Certified Information Systems Security Professional (CISSP)

•         Certified Information Systems Auditor (CISA)

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

•         Project Management Professional (PMP)

•         PROSCI Certified Change Practitioner

•         Certified Information Security Manager (CISM)

 

Summary:

The 3rd Party Assurance - Manager, as part of the Enterprise Security team, will safeguard information system assets by developing an understanding of the security requirements of AdventHealth (ADH) 3rd parties and their information systems in order to identify potential or actual security compliance issues. The 3rd Party Assurance Team supports the business in assessing 3rd parties that may access, process, transmit and/or store AdventHealth Data such as Protected Health Information (PHI), Payment Card Industry (PCI), or Personally Identifiable Information (PII).



This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.
