Adventist Health System Altamonte Springs, FL, USA
Mar 23, 2019
Job Description Description GRC Security Specialist - Intermediate AdventHealth Information Technology Location Address: Inspiration Avenue, Altamonte Springs FL Top Reasons To Work At AdventHealth Corporate • Great benefits • Immediate Health Insurance Coverage • Career growth and advancement potential • Award-winning IT Department Work Hours/Shift: Full-Time, Monday - Friday You Will Be Responsible For: • Develop workflows and administer enterprise GRC solution • Integrate enterprise GRC with other IT systems including identity and access management, IT ticketing system, asset inventory and vulnerability management • Consult with customer to gather and define requirements • Continually optimize and enhance workflows • Provide status updates and present on GRC solution related topics to other team members in a professional manner • Support security training and awareness program by providing GRC contents to the training teams • Engage and work with a variety of internal departments and external organizations, including but not limited to legal firms, law enforcement agencies, and all other levels of government • Participate in the routine administrative work of the Information Security Office (InfoSec) Qualifications KNOWLEDGE AND SKILLS REQUIRED : • Governance, Risk, and Compliance (GRC) software platform administration experience. • Experience building and customizing GRC workflows including, forms, surveys, approval workflows, dashboards, database administration to support business and risk management processes • General knowledge of Information Security frameworks and how to integrate the control requirements in a GRC platform • Strong competency using Microsoft Visual Studio • Experience developing against a REST based API • Expert knowledge of C#, SQL, and XML • Well-versed in secure software development lifecycle procedures and concepts • Well-versed in project management procedures and concepts • Have soft skills, such as multi-tasking, self-starter, prioritization, time management, decision making, teamwork, presentation, communication and strong interpersonal skills • Microsoft suite of applications (Word, Excel, Visio, Project, etc.) KNOWLEDGE AND SKILLS PREFERRED: • Lockpath Keylight Governance, Risk, and Compliance (GRC) software platform deployment and administration experience • Experience building and customizing Lockpath Keylight GRC workflows • Working knowledge of information security risk management and risk assessment methodologies. • Expert knowledge of one or more of the following: HITRUST, HIPAA Security and Privacy Rule, Red Flags Rule, Healthcare IT Standards (HITSP), HITECH, Meaningful Use (MU), COBIT, and PCI. • Strong background in business application, IT, and information security development • A diverse set of technical skills, such as IT infrastructure, operating systems, data centers, access controls, cloud security, applications security, malware protection, security monitoring, physical security controls, etc. • Working knowledge of enterprise security systems (e.g., Firewalls, VPN, IDPS, SEIM), security threats and related risks, malware protection, virtual networks, asset management, pen-testing, vulnerability management, access management, configuration management, encryption techniques, cloud security, and 3rd party security EDUCATION AND EXPERIENCE REQUIRED : • Bachelor's degree in Computer Science or Information Systems or equivalent work experience. • 3-5 years of experience developing complex business and/or risk-based workflows in a professional services firm and/or large enterprise • 3 or more years of experience in information security EDUCATION AND EXPERIENCE PREFERRED: • Master's in computer science, information systems/technology, cybersecurity, or business administration from an accredited university • Experience in the healthcare industry doing information security LICENSURE, CERTIFICATION OR REGISTRATION REQUIRED : • Keylight Admin LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED: • Cybersecurity certification Summary: Governance, Risk and Compliance (GRC) Security Specialist - Intermediate is responsible for the development and administration of Information Technology Governance, Risk, and Compliance (GRC) solutions and content. This position will develop, integrate and administer complex enterprise GRC workflows, data, system integration and related tools. Other key activities include working with Information Security, Information Technology and business stakeholders to understand and support their use of the IT GRC platform and to ensure Information Security controls are managed though out a full lifecycle that includes policies, procedures, implementation, metrics, and assurance requirements. This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.