Inspire health. Serve with compassion. Be the difference.
The Information Security Governance, Risk, and Compliance
Coordinator is the subject matter expert for the Information
Security Governance, Risk and Compliance program at Prisma Health.
This position is responsible for developing, implementing and
administering Information Security plans, policies and procedures,
standards, and services and ensuring the ongoing compliance and
security of Prisma Health information resources in the context of
the NIST Cybersecurity Framework (CSF). This includes all aspects of
Information Security risk assessment and management, policies and
procedures, governance and compliance, vulnerability scanning, and
security training and awareness.
Leads risk and compliance assessments and/or audits (HIPAA,
PCI-DSS, NIST CSF, etc.) of organizational systems, to include
SaaS, PaaS, IaaS services. Processes and interprets assessment
results, and develops recommendations to treat risk to the
organization. Leads the presentation of risk assessment results
and risk treatment plans to Prisma Health leadership, and oversees
compliance with remediation and risk treatment plans.
Responsible for development of Information Security related
policies, procedures, and standards. Oversees and manages Third
Party Risk Assessments, recommends controls, and monitors the
effectiveness of those controls after implementation.
Leads enterprise-wide, risk-based security and continuity
capabilities to meet changing internal and external threat
landscapes. This includes responsibility for identifying and
protecting sensitive information, detecting and responding to cyber
threats, and maintaining compliance with regulatory requirements
and industry standards.
Leads the development and delivery of security training and
awareness. Performs a security advocacy role and acts as a liaison
with business units for issues related to information security and
ongoing compliance with governance and organizational policy.
- Leads security awareness training for organization employees.
Administers and manages the Security Awareness Training Program
(researches and updates content, rollout, employee training
participation verification, reporting on the hosted LMS). Provides
on-demand targeted security training supporting key initiatives. - 5%
- Leads vulnerability management program to ensure
vulnerabilities across the enterprise are identified, documented
and remediated. Vulnerabilities to include common infrastructure
systems and services, third party platforms, vendor managed medical
systems, hosted web-services and software development code
vulnerabilities. Reviews and verifies security patch processes to
ensure software updates are applied within policy guidelines. -
- Responsible for the Governance, Risk and Compliance platform.
Ensures information security risk is accurately tracked across the
enterprise. Documents, reviews and maintains risks, controls and
control activities, and conducts control mapping across multiple
frameworks and regulatory requirements. - 15%
- Manages third party risk and compliance assessment engagements.
Performs internal system/platform risk assessments and audits.
Responsible for completion of security compliance assessment
questionnaires. - 10%
- Leads Information Security Program implementation of the NIST
Cybersecurity Framework including defining, documenting,
implementing and enforcing policies, standards and practices to
protect the Prisma Health sensitive information and resources. -
- Responsible for the implementation and management of the incident
response plan and the GRC team's reporting requirements for
security incidents and events, and takes action on policy
violations or complaints. Participates with the incident response
team to contain and investigate incidents, then prepares a plan to
prevent similar incidents in the future. - 15%
- Develops and presents information security reports and metrics
for staff, management and executive presentations. - 10%
- Leads the development of security standards, policies,
procedures and best practices for the organization. - 15%
- Stays current on all regulations, laws, security frameworks and
certifications. Researches the latest information technology (IT)
security trends and threats. - 5%
- Assists technical staff in supporting security efforts as directed
by management. - 5%
This is a non-management job that will report to a supervisor,
manager, director or executive.
- Bachelor's Degree - Computer Science, Information Security or
business with technical experience
- 8 years - A minimum of 8 years combined information security,
healthcare, and technical experience
In Lieu Of
In Lieu of the education and experience requirements noted
above, a combination of experience, education and
Required Certifications, Registrations, Licenses
- ISACA Certified Information Systems Auditor (CISA) OR Certified
in Risk and Information Systems Control (CRISC)
- ISC2 HealthCare Information Security and Privacy Practitioner
(HCISPP, preferred), Certified Information Systems Security
Professional (CISSP), OR CompTIA Advanced Security
Knowledge, Skills or Abilities
- Understanding of information security healthcare industry
regulatory requirements (HIPAA, PCI-DSS).
- Knowledge of NIST Cybersecurity Framework, SOC 2, HITRUST
and/or ISO 27001 Certifications - Preferred.
- Ability to lead high-level presentations on security of
information systems with organizational leadership.
- Previous experience in healthcare industry information
Day (United States of America)
Greenville Memorial Med Campus
70019411 Information Security
Share your talent with us! Our vision is simple: to transform
healthcare for the benefit of the communities we serve. The
transformation of healthcare requires talented individuals in every
role here at Prisma Health.