3rd Party Assurance Manager

AdventHealth
Altamonte Springs, FL 32701
  • Job Code
    9006_20021230

Description

TPRM and PCI - Manager

AdventHealth Information Technology

Location Address: Altamonte Springs, FL

Top Reasons To Work At AdventHealth Corporate

Great benefits

Immediate Health Insurance Coverage

Career growth and advancement potential

Award-winning IT Department

Work Hours/Shift:

Full-Time, Monday-Friday

You Will Be Responsible For:

Work collaboratively with department and organizational leadership to define and manage TPRM best practices

Establish key performance metrics and report on effectiveness of processes toward achieving goals

Develop and enhance vendor toolkit(s) including: risk tier and risk score

Develop and continually enhance vendor assessment questionnaires

Provide direction and oversight of TPRM workflows, assessment gaps, information security risks, risk levels and remediation recommendations

Oversee and direct a variety of security risk assessments with the 3rd party, providing advisory support to the team and corporate sponsors on the evaluation of risks, development of remediation plans, and work with stakeholders to define and implement process enhancements

Oversee and direct vendor remediation planning negotiations

Partner with stakeholders to ensure assessments are addressing current and emerging threats, to bring the organization's information security risks under explicit management control, and to build assessment and process awareness for sponsors and stakeholders within the organization

Drive the enhancement and use of Governance, Risk, and Compliance technology-based tools to review, design and/or deliver services

Mentor team members on information security controls, standards, and best practices related to information security and compliance (e.g., PCI-DSS and HITRUST) with standards, laws, and regulations (e.g., AICPA and HIPAA)

Oversee the PCI project team, anticipate PCI issues, report/manage internal escalations, provide guidance to support the development and maintenance of PCI requirements, as well as manage relationships with QSAs, Merchant Acquirers, and processors.

Oversee System and Organization Control Reports (SOC) engagements with external 3rd party.

Exercise professional judgment by evaluating information, making recommendations, and maintaining confidentiality of data per ADH policies, avoiding conflicts of interest

Assist internal/external auditors with special projects or assessments whenever needed

Lead and actively support mentoring relationships within the team, department and organization.

Ability to elicit and understand customer needs

Qualifications

KNOWLEDGE AND SKILLS REQUIRED:

Risk management and compliance program development leveraging HIPAA, FERPA, PCI DSS, Meaningful Use (MU), Information Security awareness, policy and standards

TPRM Program

Information Security Standards and Frameworks such as HITRUST, NIST, and PCI-DSS

Strong background in IT service functions such as technical security, network engineering, application development, server administration, database administration, user account administration, identity and access management, and end-point device management

Enterprise-wide Information Security controls, IT processes, procedures, testing concepts, and audit reporting

Cloud-based application/environment security requirements

Interpretation of Generally Accepted Auditing Standards (GAAS), and/or SSAE-16/18 reports

Complementing assessments with the knowledge of various technologies to help AHS achieve its information security compliance objectives

Negotiation of remediation planning and efforts with the 3rd party

Effective verbal and written communication of concerns and recommendations to leadership

Multi-tasking, prioritization, time management, decision making, project management, presentation, and strong interpersonal relationship building

Large enterprise system platforms such as EMR/EHR, PeopleSoft, Oracle databases, Windows and UNIX/LINUX

Strong background in IT, information security, applications, and/or data centers

Build and actively support mentoring relationships within the team, department and organization

Leadership in eliciting and understanding customer needs

KNOWLEDGE AND SKILLS PREFERRED:

GRC tool development and implementation (LockPath, highly desirable).

Project Management

Change Management

EDUCATION AND EXPERIENCE REQUIRED:

Bachelor's degree in Science in Information Security, Information Systems or another related field

Ten or more years of experience with Information Security risk assessments or TPRM, and/or Compliance programs

EDUCATION AND EXPERIENCE PREFERRED:

Master's degree - Computer Sciences, Information Systems, Cybersecurity or Business Administration

Seven or more years of experience in Information security audit and compliance initiatives within large complex organizations

Five or more years of experience in a healthcare environment

LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED:

One or more of the following:

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:

  • Internal Security Assessor (ISA)
  • PCI Professional (PCIP)(ISA)
  • Project Management Professional (PMP)
  • PROSCI Certified Change Practitioner
  • Certified Information Security Manager (CISM)

Summary:

The Third Party Risk Management (TPRM) and PCI - Manager, as part of the Enterprise Security team, will safeguard information system assets by developing an understanding of the security requirements of AdventHealth (ADH) 3rd parties and their information systems to identify potential or actual security compliance issues. The TPRM Team supports the business in assessing 3rd parties that may access, process, transmit and/or store AdventHealth Data such as Protected Health Information (PHI), Payment Card Industry (PCI), or Personally Identifiable Information (PII).

This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.





Posted: 2020-11-09 Expires: 2020-12-08