"Information Security Architect - ENT - PCI/GRC"

Job Description

To independently employ a broad knowledge of principles, practices, and procedures in a particular field of specialization to plan, design, develop and support systems and projects. To conduct research and analysis and presents findings for review. To carry out complex assignments requiring the development of new or improved techniques and procedures. This position will commit to fostering an environment of heightened security following Information Technology Security Policies and participating in security training, such as Health Insurance Portability & Accountability Act (HIPAA) and Family Education Rights and Privacy Act (FERPA), on an annual basis.

Responsibilities

• Lead the Enterprise Payment Card Industry Assessments program
• Develop partnerships with Health System departments to aid in PCI compliance
• Serve as a PCI DSS expert for the Health System as it relates to current and future processes, applications, documentation, and products
• Promote awareness and training of PCI principles, requirements, and security best practices
• Provide technical expertise to departments completing SAQs

Qualifications

Bachelor's degree in Information Systems or a related field and six (6) years of related experience required. Work experience may substitute for education requirement. Certified Information Systems Security Professional (CISSP) certification preferred.

Preferred Skills

One of the following certifications preferred:

• CISSP
• CCNA
• CEH, OSCP, GPEN

Experience with two or more programs outlined below in a Healthcare setting preferred:

• IT Risk Management
  • Performing risk assessments on vendors, departments, systems and facilities
  • Working alongside business/system owners to remediate risk findings
  • Administrating GRC system (LogicGate, MetricsStream, Archer, etc.)
  • Following up with vendors where risk items have been identified for remediation
  • Working with risk owners to document remediation plans and exceptions
  • Assessing risk of vulnerabilities of assets on the network
  • Mapping risk findings to common controls
  • Determining risk of firewall requests
  • Documentation of control procedures
  • Assist with development of controls assurance program
• Compliance Management (PCI, HIPAA, NIST, URAC, Meaningful Use, etc.)
  • Coordinating technical application risk assessments that meet PCI requirements
  • Coordinating pen test, risk assessment and compliance assessments with external assessors
  • Assisting with the implementation of a cybersecurity framework and controls (PCI NIST CSF, CIS top 20, etc.)
  • Performing Self-Assessment Questionnaires (SAQ) for PCI compliance
• Network Security
  • Working knowledge of TCP/IP, HTTP, SSL, SSH and other networking protocols
  • Ability to assess network segmentation to meet compliance requirements
  • Understanding of industry best practices for network baseline configuration
  • Reviewing firewall requests to determine risk to organization
  • Managing network configuration tools such as (tufin, redseal, voyance, etc...)

Compensation: Pay Range: $126,470 - $205,515/year. Benefits available for eligible positions include: 100% tuition assistance, wellness initiatives, generous paid time off, paid parental leave, Public Service Loan Forgiveness Program eligible employer, plus more.

Job Highlights: A team of more than 400 professionals, Health System Information Services (HSIS) works to keep UAB Medicine's IT systems and infrastructure running smoothly to deliver quality care to our patients. Join our nationally ranked team at UAB Medicine, the No. 1 Best Large Employer in 2021 as ranked by Forbes magazine.

Work with the Best at UAB Medicine: UAB Medicine is Alabama's largest single-site employer and operates over 1,200 beds and over 200 clinics in Birmingham, Alabama. When you become part of UAB Medicine, you join a nationally ranked academic medical center committed to education and advancing medical science through research.