Director of Information Security Assurance-BISO
Company: HCA Healthcare
Location: Nashville
Posted on: July 1, 2025
|
|
|
Job Description:
Do you have the career opportunities as a(an) Director of
Information Security Assurance you want with your current employer?
We have an exciting opportunity for you to join HCA Healthcare
which is part of the nations leading provider of healthcare
services, HCA Healthcare. Benefits HCA Healthcare, offers a total
rewards package that supports the health, life, career and
retirement of our colleagues. The available plans and programs
include: • Comprehensive medical coverage that covers many common
services at no cost or for a low copay. Plans include prescription
drug and behavioral health coverage as well as free telemedicine
services and free AirMed medical transportation. • Additional
options for dental and vision benefits, life and disability
coverage, flexible spending accounts, supplemental health
protection plans (accident, critical illness, hospital indemnity),
auto and home insurance, identity theft protection, legal
counseling, long-term care coverage, moving assistance, pet
insurance and more. • Free counseling services and resources for
emotional, physical and financial wellbeing • 401(k) Plan with a
100% match on 3% to 9% of pay (based on years of service) •
Employee Stock Purchase Plan with 10% off HCA Healthcare stock •
Family support through fertility and family building benefits with
Progyny and adoption assistance. • Referral services for child,
elder and pet care, home and auto repair, event planning and more •
Consumer discounts through Abenity and Consumer Discounts •
Retirement readiness, rollover assistance services and preferred
banking partnerships • Education assistance (tuition, student loan,
certification support, dependent scholarships) • Colleague
recognition program • Time Away From Work Program (paid time off,
paid family leave, long- and short-term disability coverage and
leaves of absence) • Employee Health Assistance Fund that offers
free employee-only coverage to full-time and part-time colleagues
based on income. Learn more about Employee Benefits Note:
Eligibility for benefits may vary by location. Our teams are a
committed, caring group of colleagues. Do you want to work as a(an)
Director of Information Security Assurance where your passion for
creating positive patient interactions is valued? If you are
dedicated to caring for the well-being of others, this could be
your next opportunity. We want your knowledge and expertise! Job
Summary The Director of Information Security Assurance (DISA) leads
the Information Protection & Security (IPS) program for HCA
Healthcare’s Marketing and Corporate Affairs, including: driving
consistency and visibility of risk management activities; working
with key stakeholders to protect patients and prevent data loss;
and partnering with leadership to reduce or eliminate risky
workforce behaviors. This role is responsible for helping business
and IT leadership, as well as the colleagues, comply with IPS
requirements while meeting business needs. This position champions,
administers, and provides interpretation of IPS policies,
standards, and procedures to arrive at appropriate risk-based
decisions that balance operational needs and security risks. They
oversees the assessment of security controls and work with
appropriate leadership to ensure any deficiencies are addressed.
They are also responsible for the planning, communication, and/or
oversight of IPS initiatives, to ensure consistent program
implementation and efficient resource use. This role requires
extensive focus on building and expanding relationships with key
stakeholders such as business and IT leadership; workforce members;
physicians; local IT teams; business owners; vendors; and other
people and entities who support IPS objectives and activities. The
DISA must have a combination of skills including strong written and
verbal communication skills, interpersonal skills, and the ability
to influence, guide, and/or lead others necessary to accomplish IPS
goals. Major Responsibilities: Risk Management • Implement and
manage risk management activities to facilitate effective,
efficient, and standardized approach to align with the IPS program
• Identify, establish, and maintain strategic relationships with
key stakeholders to help accomplish IPS objectives. • Lead their
IPS risk management program, using corporate-provided tools and
templates, to assure the presence and effectiveness of
administrative, technical, and physical controls. • Guide
risk-based decisions by appropriate decision-makers that focus on
preventing or correcting identified security risks through
implementation of reasonable controls. • Provide leadership and
oversight for acquisition or divestiture due diligence efforts •
Represent IPS needs in strategic planning, budgeting, and work
prioritization. • Collaborate with other IPS leaders to ensure
consistency of IPS program and solutions. Issue Tracking and
Resolution • Manage operational processes that monitor and respond
to potential security threats. • Partner with corporate departments
and/or external entities (e.g., law enforcement) as required to
facilitate rapid response to security events. • Partner with HR
Director, FPO, Legal, and ECO on cross-disciplinary incident
investigation and reporting. • Partner with IT colleagues to assure
ongoing maturity of IT operational security controls. • Lead
follow-up education and consultation activities for workforce
members with risky behaviors and/or behaviors that violate IPS
policies and standards. Execution • Round on leadership and
colleagues to build relationships necessary to influence decisions
that protect the company and educate workforce on how to reduce or
eliminate risky behaviors. • Lead and coordinate the implementation
and adoption of process and technology changes necessary to support
IPS program goals and strategic objectives. • Oversee processes for
review and approval of security exception requests. Vendor Systems
Security • Ensure proper vendor contracts and security terms are in
place for systems, devices, and services. • Partner with
appropriate business and IT leadership to help ensure systems,
services, and devices receive appropriate assessments and
remediation as part of local on-boarding processes. • Partner with
business and IT leadership to ensure proper controls are in place
for existing vendor-maintained solutions. Communication • Educate
leaders and workforce members on IPS requirements and secure
processes that protect sensitive information. • Facilitate, and
lead where appropriate, IPS communication and awareness activities.
Knowledge, Skills, Abilities, Behaviors: • Significant experience
in developing and assessing technical and process-based controls,
managing risk assessments/investigations, and working with
organization management to integrate controls into the scope of
existing business practices. Required • Experience in marketing
technologies (e.g., CRM, CMS, SEO). Preferred. • Experience in
business management and/or operations and IT functional areas.
Required • Experience in some combination of audit, risk
management, information security, privacy, and information
technology. Required • Significant experience with relevant
regulations (e.g., HIPAA, SOX, PCI, GLBA, FERPA) and applying these
to identify appropriate controls necessary to maintain compliance
Required • Strong leadership skills, personal drive, and the
ability to see projects through to execution in a matrixed
environment. Required • Demonstrated experience in building and
maintaining positive team relationships at all levels of the
organization. Required • Ability to communicate effectively, in
written and verbal forms, at an executive level. Required •
Possesses confident leadership skills: decisiveness, assertiveness,
with the ability to achieve results quickly. Required •
Demonstrates a high degree of initiative, dependability, and the
ability to work with minimal supervision. Required • Possesses a
sense of responsibility and accountability – someone who takes
ownership and initiative. Required • Creative thinker, always
looking for a “better way” to deliver value; not stopped or
discouraged by adversity. Required • Demonstrates respect for
diversity of experience, characteristics, viewpoints, and opinions.
Required • Maintains professional demeanor, appearance, and
positive attitude. Required • Adaptable and flexible, with the
ability to handle ambiguity and sometimes changing priorities.
Required Education & Experience: • Bachelors degree Required •
Masters degree Required • 7 years of experience in a relevant field
Required • 7 years of experience in security risk management,
information security domains, and/or privacy. Preferred • 3 years
of experience in leadership and management Required Licenses,
Certifications, & Training: • CISSP, CISA, HCISPP, CHC, CHPC, CHSP,
CISM or other relevant certifications in information security or
privacy Preferred Additional Information: • Candidate must live
in/near the Greater Nashville, TN Area or be willing to relocate to
the area
Keywords: HCA Healthcare, Nashville , Director of Information Security Assurance-BISO, IT / Software / Systems , Nashville, Tennessee
