Manager, Information Security Audit & Compliance

Shift: Day
Schedule: Full - Time Regular

Ardent Health Services invests in people, technology, facilities and communities, producing high-quality care and extraordinary results. Based in Nashville, Tennessee, Ardent’s subsidiaries own and operate 31 hospitals in seven states with more than 25,000 employees including 1,150 employed providers. Ardent facilities exceed national averages in Overall Hospital Quality Star Rating as ranked by the Centers for Medicare & Medicaid Services; 89 percent of its hospitals received a three-star rating or above in comparison with 73 percent of all hospitals ranked. Five of the company's hospitals were recognized by Modern Healthcare as "Best Places to Work" in 2018 - the eleventh consecutive year an Ardent facility made this list. Ardent's corporate office was named "Top Work Places" for Nashville based companies in 2017 and 2018.

We have an exciting opportunity to join our information security team as a Manager, Information Security Audit & Compliance   focused on Access Management reviews and Sarbanes Oxley (SOX) compliance requirements.

Reporting to the AVP, Information Secuirty the Manager, Information Security Audit & Compliance  is responsible for ensuring that our company is adhering to any federal and state regulations relevant to its business regarding systems access. This position will also review and help enforce compliance with standards or regulations imposed by professional organizations or even our company’s internal guidelines. This may include conducting audits for systems in areas of accounting, finance, clinical operations, information technology or security.

T he Manager, Information Security Audit & Compliance  will work closely with upper management in department such as Information Security and Internal Audit, to review compliance procedures and processes and in some cases, will be responsible to help establish those standards.

The ideal candidate for this role will be able to work under minimum supervision, have an in-depth working knowledge of current security practices, regulations, standards, configurations and key technology. The Manager, Information Security Audit & Compliance will also work as a partner to the business to document and implement procedural requirements and then work to implement and monitor these configurations in all Ardent technology environments. The successful candidate strives to enforce security best practices, policies, standards and guidance to ensure the safeguard of proprietary data, physical infrastructure and resources from internal and external threats. The Manager, Information Security Audit & Compliance is required to maintain an extensive understanding of services provided to develop relationships throughout the organization to assist Information Security in accomplishing its goals for AHS.  

Primary Duties and Responsibilities

Oversee and Conduct Audits

The Manager, Information Security Audit & Compliance will manage both internal audits as well as provide assistance with external audits if necessary. This will include reviewing records, reports, software and any other relevant programs and activities affected by regulations. Following an audit, the Information Security Compliance Auditor will then make recommended changes to procedures or practices that are not in compliance with stated regulations and help to implement a plan to address such changes.

Identify Risks

As part of their responsibilities, the Manager, Information Security Audit & Compliance will analyze potential risks within specific areas of a company in order to avoid compliance issues. This might include reviewing risk assessment studies conducted by government agencies and professional organizations to gauge the possible risk potential of AHS.

Maintain Compliance Records

Keeping track of any violations reported against a company and responses and plans regarding these violations are the responsibilities of the Manager, Information Security Audit & Compliance. Conducting an analysis of existing compliance records and making any necessary updates would also fall under this category. Recording any compliance training by company employees is another aspect of maintaining compliance documents.

Additional Job Responsibilities (Including, but not limited to) are:

  • Supporting the AHS Identity and Access Management programs; recommending improvements.
  • Monitor normal activity, transactions and user access levels to ensure compliance and access justification.
  • Plan methodology and technology used to design, run and build Identity Governance and Administration and Identity and Access Management (IAM) systems.
  • Administer information security technology and solutions.
  • Interact with various departments, vendors, and extranet partners.
  • Works with other business units, partners and customers to maintain secure methods of data management.
  • Review existing system accounts to ensure that they are provisioned / de-provisioned on a timely basis with only authorized access levels and conduct process improvements as needed.


  • BS/BA degree or equivalent technical training.
  • 5+ years of IT audit experience required
  • 2+ years of SOX experience required
  • Security certifications are a plus. (CISA, CISSP, HCISPP)

Additional Requirements

  • Demonstrates the core values of inquisitive, passionate, positive attitude, and team-minded.
  • Good communication skills – Ability to take technical details and simplify for explanation with Project Management and Leadership
  • Prioritize tasks effectively to meet project deadlines and deliverables
  • Understanding of the technical components of a network infrastructure/architecture and their interactions.
  • SQL experience is a plus.
  • Active Directory experience is required.
  • Healthcare experience in an audit capacity is a plus.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.