INTRODUCTION

Experience the HCA Healthcare difference where colleagues are trusted, valued members of our healthcare team. Grow your career with an organization committed to delivering respectful, compassionate care, and where the unique and intrinsic worth of each individual is recognized. Submit your application for the opportunity below: Zone FISO HCA Healthcare

BENEFITS

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

• Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
• Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
• Free counseling services and resources for emotional, physical and financial wellbeing
• 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
• Employee Stock Purchase Plan with 10% off HCA Healthcare stock
• Family support through fertility and family building benefits with Progyny and adoption assistance.
• Referral services for child, elder and pet care, home and auto repair, event planning and more
• Consumer discounts through Abenity and Consumer Discounts
• Retirement readiness, rollover assistance services and preferred banking partnerships
• Education assistance (tuition, student loan, certification support, dependent scholarships)
• Colleague recognition program
• Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
• Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Learn more about Employee Benefits
Note: Eligibility for benefits may vary by location.
We are seeking a Zone FISO for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!

JOB SUMMARY AND QUALIFICATIONS

The Zone Facility Information Security Official is a shared role across a market, responsible for leading, driving, and, in some cases, implementing Information Protection & Security (IPS) activities in company entities under the supervision of the Division Director of Information Security Assurance (DISA) or a Manager, Consulting, or Senior ZFISO. He or she serves as a liaison between local leadership and IPS leadership.
Under general supervision from the DISA, they are responsible for performing a wide range of tasks that support the ongoing maturation of the IPS program, including: driving consistency and visibility of IPS risk management activities; working with business owners to protect patients and prevent data loss; and rounding with local leadership to reduce or eliminate risky behaviors. They are responsible for helping workforce members appropriately comply with the company’s IPS requirements.
This role requires extensive focus on building and expanding relationships with key stakeholders such as local leadership; workforce members; physicians; IT teams; business owners; vendors; and other people and entities who support IPS objectives and activities.
The ZFISO must have a combination of skills including written and verbal communication skills, interpersonal skills, and the ability to influence, guide, and/or lead others necessary to accomplish IPS goals.

EDUCATION & EXPERIENCE:

• Bachelor’s degree and 3+ years of experience in a relevant field or High School Graduate/Equivalent and 6+ years of experience in a relevant field required or equivalent combination of education and/or experience

REQUIRED KNOWLEDGE, SKILLS, ABILITIES, BEHAVIORS:

• Experience in developing and assessing technical and process-based controls, managing risk assessments/investigations, and working with organization management to integrate controls into the scope of existing business practices preferred
• Exposure to management and/or operations in a number of healthcare business or IT functional areas preferred
• Experience in some combination of audit, risk management, information security, privacy, and information technology.
• Knowledge of information security regulations (HIPAA Privacy/Security, Sarbanes-Oxley IT controls, Payment Card Industry (PCI)) preferred
• Possesses the ability to build and maintain positive team relationships at all levels of the facility, market, and corporate levels.
• Possesses A sense of responsibility and accountability – someone who takes ownership and initiative.
• Creative thinker, always looking for a “better way” to deliver value; not stopped or discouraged by adversity.
• Demonstrates respect for diversity of experience, characteristics, viewpoints, and opinions.
• Maintains professional demeanor, appearance, and positive attitude.
• Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.

Risk Management

• Coordinate and perform risk assessments using corporate-provided tools and templates.
• Drive and manage execution of corrective action plans to address deficiencies identified during risk assessments.
• Ensure the designated committee (e.g., Security Committee, Ethics & Compliance Committee) receives, documents, tracks, investigates, and sponsors remediation of security control deficiencies, suspected IPS incidents, and complaints. Provide education and guidance to ensure these committees make informed, risk-based decisions necessary to balance business needs and security objectives.
• Represent IPS needs in strategic planning, budgeting, and work prioritization processes.
• Drive ongoing compliance with IPS policies, standards, and operational procedures.
• Work with local leaders to submit and approve exceptions to IPS standards.
• Lead audit response activities to address IPS issues identified by Internal Audit or external auditors (e.g., CMS HIPAA Security audits).

Issues Tracking and Resolution

• Support, coordinate, and manage incident response and investigation activities.
• Investigate information leaving the organization with appropriate leadership (i.e. Manager, ECO, HR, Legal)
• Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IPS issues are applied appropriately and consistently.
• Perform follow-up education and consultation with workforce members with risky behaviors and/or behaviors that violate Company policies and standards.

Execution

• Round to build and strengthen relationships with workforce members at all levels and to educate staff on how to reduce or eliminate risky behaviors.
• Facilitate, and lead where appropriate, proactive IPS communication and awareness activities including coordinating with HR and training departments to ensure that periodic workforce training includes company-required IPS content.
• Assist with and manage the review and approval of user requests for high-risk access.
• Assist the Division DISA in driving key elements in the enterprise and division IS programs to ensure that required processes are adopted and maintained.
• Lead and coordinate implementation and adoption of technology and processes changes.

Vendor Systems Security

• Collaborates with system business owners to ensure vendor contracts are in place for department and IT systems and services.
• Work with appropriate business, IT, supply chain, and corporate IPS stakeholders to help ensure specific systems, services, and devices receive proper security assessments and remediation.
• Work with business, purchasing, and IT stakeholders to ensure proper controls are in place for existing vendor-maintained solutions.
• Work with system business owners and vendors to document system vulnerabilities and document mitigation controls or remediation actions.
• Ensure vendor systems use approved connectivity, remote management and monitoring.
• Performs other duties as assigned
• Practices and adheres to the “Code of Conduct” philosophy and “Mission and Value Statement.”