Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 39 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.
Summary:
The Cyber Security Risk Management (CSRM) organization enhances safety, dignity, and confidence by fostering a trustworthy digital environment for care delivery and business operations. As a Cyber Security Engineer - Compliance, you will coordinate periodic access reviews for key SOX systems and applications, including running reports in multiple systems, analyzing data, and investigating exceptions for potential risk exposure. In this role, you will collaborate closely with internal and external auditors, cybersecurity, IT, and business stakeholders to ensure evidence provided is complete and accurate.
Essential Duties and Responsibilities:
- Perform and coordinate user access reviews (UARs) of in-scope applications and systems, including running access reports, analyzing data, collecting management responses, and driving remediation.
- Perform access exposure testing and root cause analysis
- Evaluate audit findings and coordinate remediation of deficiencies
- Communicate and collaborate with Technology, Business, and Audit partners to respond to and address compliance risk
- Document and maintain documentation for SOX processes, controls, and procedures
Qualifications:
- Required Education: High School Diploma
- Preferred Education: Associate’s or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), equivalent certifications, or equivalent work experience.
- Required Experience:
  - Duration: 2 years
  - Competencies:
    - Experience in regulatory standards (HIPAA, HITECH, PCI, SOX, COBIT)
    - Understanding of Identity Access Management principles and practices
    - Knowledge of cybersecurity principles and practices
    - Excellent verbal and written communication skills with the ability to interact effectively with all levels of management
    - Demonstrated problem-solving abilities
    - Strong research and analytical skills
    - Self-starter and flexible team player
    - Ability to work in an evolving environment with changing processes and procedures
- Preferred Experience:
  - Duration: 5 years
  - Competencies:
    - Knowledge of Industry Standard Audit Methodologies
    - Familiarity with NIST Cybersecurity Framework (CSF)
    - Core understanding of risk management principles, especially NIST Risk Management Framework (RMF)
    - Healthcare industry experience
  - Technologies:
    - Governance, Risk, and Compliance (GRC) platforms
    - PowerShell
    - ServiceNow
    - Microsoft SQL Server Management Studio (MSSMS)
- Required License/Registration/Certification: None
- Preferred License/Registration/Certification: Security+
- Computer Skills Required:
  - Experience working in a Windows environment
  - Familiarity with Microsoft / Google office suites
Physical Demands:
To successfully perform this job, with or without a reasonable accommodation, the Employee must meet the physical demands outlined below:
- The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
- The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
- The Employee is not substantially exposed to adverse environmental conditions; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.