Information Security Lead

Shift: Day
Schedule: Full - Time Regular

Network Security Lead

Ardent Health Services invests in people, technology, facilities and communities, producing high-quality care and extraordinary results. Based in Nashville, Tennessee, Ardent’s subsidiaries own and operate 31 hospitals in seven states with more than 25,000 employees including 1,150 employed providers. Ardent facilities exceed national averages in Overall Hospital Quality Star Rating as ranked by the Centers for Medicare & Medicaid Services; 89 percent of its hospitals received a three-star rating or above in comparison with 73 percent of all hospitals ranked. Seven of the company's hospitals were recognized by Modern Healthcare as "Best Places to Work" in 2017 – more than any other system in the country. Ardent's corporate office was named "Top Work Places" for Nashville based companies in 2017 and 2018. 

We have an exciting opportunity to join our Information Technology team as a Network Security Lead.

 

The Information Security Lead is responsible for both working independently and leading a team of engineers in analyzing a broad range of applications, network, and security architectures for the enterprise in order to ensure the security, integrity, and regulatory compliance of critical information transmitted over the network or in storage.  This person will work to integrate user authentication and authorization with the enterprise Active Directory where possible. This person will be responsible for documentation of engagement SOWs, business requirements, technology requirements, designs, and recommendations made as a project resource for Information Security.  A person in this position will be required to understand the operations performed by other groups within Information Security and identify the potential for long-term  operational involvement on any implementations resulting from a project

Essential Duties:

  • Serves as an internal information security consultant to the enterprise while balancing the needs of the day-to-day business.
  • Research and recommend solutions that meet security standards while ensuring functionality for business continuity.
  • Leads enterprise-wide definition, establishment, and maintenance of data security-related infrastructure, applications, and processes.
  • Lead a team of security engineers through any project.
  • Mentor security engineers in their professional growth.
  • Develop security test scenarios for unit, process, function, integration, and acceptance testing.
  • Design and develop integration schema and linkage for multi-platform business and technological solutions.
  • Evaluates the security of new technologies and assist with the plan to integrate them into the company environment.
  • Develop disaster recovery and contingency plans for Information Security projects and participate in DR planning for other projects.
  • Recommend best practices for security controls without hindering functionality.
  • Define the minimum security configuration for all IT systems.
  • Evaluates new and proposed security systems and technologies.
  • Reviews, develops, test, and implements security plans, products, and control techniques.
  • Translates security standards to project teams.
  • Assist with vulnerability and intrusion assessments.
  • Develops guidelines for the usage, control, maintenance, and auditabitity  of information and computer resources.

Requirements:

Education/Experience

  • BS/BA degree or equivalent technical training and experience,
  • Security certifications a plus.
  • A minimum of 6 years of progressive Information Security experience.
  • Demonstrates the core values of inquisitive, passionate, positive attitude, and team-minded.
  • In-depth understanding of current legal and regulatory requirements around information security and privacy, including Sarbanes-Oxley (SOX), HIPAA, GLBA, etc.
  • Working knowledge of Microsoft Active Directory
  • Ability to analyze all layers of the OSI model from the security stance
  • Working knowledge of Linux, AIX, etc.
  • Prepare and present  plans / designs  to IT and business leaders
  • Advocate the integration of solutions into the enterprise directory structure
  • Familiarity with information security forensics
  • In depth  knowledge of networking technologies and architecture
  • Excellent  problem solving  ability
  • High degree of  self motivation
  • Excellent written and oral skills
  • Competent using the Microsoft Office suite of products

Additional RequirementsKnowledge, Skills and Attributes 

  • Federal and state laws regarding  security  and privacy of electronic information assets, within the context of the healthcare  industry  is highly preferred (e.g., HIPAA, Sarbanes-Oxley, etc.);
  • Industry security standards (e.g., NIST), with healthcare industry standards such as CMS, JCAHO, etc. is required;
  • Platform independent information security policy and standards
  • E-commerce/e-business security related strategies, policies  and  standards
  • Enterprise security awareness program practices that incrementally create organizational security awareness and education;
  • Compliance programs to help ensure conformity with established enterprise security policies, practices, and standards
  • Risk assessment processes for the protection of electronic information assets and large-scale
  • Wide Area Network and multiple platform environments with both decentralized and centralized focuses.
  • Superior analytical skills to identify  high risk  security breach opportunities with the ability to develop solutions to prevent, correct, detect, or mitigate security risks via people, processes  and  technology
  • Ability to relate business requirements and risks to technology implementation for security-related activities
  • Ability to collaborate with IT&S and business area professionals to identify/recommend applicable security practices/controls rather than dictating security methods
  • Ability to balance the seriousness of protecting electronic information assets with the need to enable users to effectively and efficiently use systems to perform job responsibilities, while continuing to emphasize quality patient care;
  • Strong customer service focus and ability to manage client (e.g., facility) expectations;
  • Solid project management and collaboration skills, especially in a cross-functional dynamic team environment;
  • Excellent oral and written communication skills with the ability to present and discuss technical information in a manner that establishes rapport ,  persuades others ,  and allows the individual to increase understanding of subject matter

Other Factors

  • Must be willing to travel occasionally
  • Must be willing to respond to security issues 7x24

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.