OVERVIEW AND REPORTING RELATIONSHIP

Member of Security & Risk team, reporting to the Manager of Security & Risk. Responsible for safeguarding the interests of Tenet, its patients, employees, and shareholders by assessing information security risks to Tenet data and networks.

REPORTING STRUCTURE & WORK SETTING

Remote work position, within the Security & Risk team, under the Director of Cybersecurity Risk Management, within the Tenet Corporate Cybersecurity organization.

OTHER REPRESENTATIVE DUTIES

NOTE: The essential duties and primary accountabilities below are intended to describe the general content of and requirements of this position and are not intended to be an exhaustive statement of duties.

• Work across Tenet and its facilities to complete security risk analysis activities.
• Perform assessment of information security risk posed by internal and external threats and vulnerabilities.
• Work with internal or external stakeholders to build and track remediation plans to mitigate residual risk.
• Assist various facility and corporate contacts to ensure that risks to ePHI are properly identified, documented, prioritized and reported to facility leadership.
• Assist, coach, mentor, or train new team members as needed
• Assist in identifying opportunities for cost savings throughout the process (e.g. process refinement, elimination of duplicated efforts).
• Assist management with enterprise risk assessment and annual Security Risk Analysis plan development.
• As an Information Security subject matter expert, negotiate provisions or agreements with vendors and other third-parties to ensure the existence and effectiveness of administrative, technical, and physical security controls and to provide adequate legal protection for Tenet in the event of a disclosure of its proprietary or confidential data.
• Evaluate IT general controls (ITGC) including information security, systems development life cycle (SDLC), change management, data center / physical security, data backup and recovery, business continuity, and associated risk exposures.
• Stay abreast of advances in technology and IT Security trends and developments; regularly share knowledge with staff and IS management; effectively interact with various levels of internal management.
• Identify emerging issues and recommend solutions to IT Audit & Compliance Management.

QUALIFICATIONS

• Information Technology (IT) security professional with a broad range of knowledge in the assessment of risk, compliance and audit of systems/processes.
• Experience evaluating compliance of national entities, specific to the healthcare industry.
• Skilled in coordination with vendors, service providers, customers, executives and subject matter experts.
• Proficient in mediation, negotiation, and effecting discrepancy remediation.
• Technically astute, experience in conducting security audits and compliance activities via telecommuting and site-based operations.

EDUCATION AND WORK EXPERIENCE

• Minimum ten years of experience or five years of experience with a BS in Computer Science or equivalent field.
• Preferred education and/or experience: Experience working in cross-departmental teams and leading efforts through collaboration and influence.

SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES:

• Proven ability in the performance of information security risk assessments.
• Experience in performing risk and compliance assessments of new and existing solutions.
• Experience in negotiating Information Security Agreements helpful.
• Demonstrated ability in identification of vulnerabilities/threats to data, systems and networks.
• Ability to provide guidance and recommended remediation or alternative solutions for both internal and external supported environments.
• Ability to provide guidance in the identification, documentation and rating of threats/vulnerabilities, and remediation steps recommended to reduce risks to data, systems and networks.

Specialized training, certifications, or other special requirements:

• Certified Information Systems Security Professional (CISSP)
• Applied knowledge
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley Act (SOX) (Preferred)
  • Service Organization Compliance (SOC 1 and SOC 2) (Preferred)
  • Payment Card Industry Data Security Standards (PCI-DSS) (Preferred)
  • Federal Financial Institutions Examination Council (FFIEC) (Preferred)

Tenet Healthcare/USPI complies with federal, state, and/or local laws regarding mandatory vaccination of its workforce. If you are offered this position and must be vaccinated under any applicable law, you will be required to show proof of full vaccination or obtain an approval of a religious or medical exemption prior to your start date. If you receive an exemption from the vaccination requirement, you will be required to submit to regular testing in accordance with the law.

Employment practices will not be influenced or affected by an applicant�s or employee�s race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status or any other legally protected status. Tenet will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship.