Manager Information Protection and Security Job at HCA Healthcare

HCA Healthcare Brentwood, TN 37027

Introduction

Do you have the career opportunities as a Manager FISO you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation's leading provider of healthcare services, HCA Healthcare.

Benefits

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

  • Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
  • Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
  • Free counseling services and resources for emotional, physical and financial wellbeing
  • 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
  • Employee Stock Purchase Plan with 10% off HCA Healthcare stock
  • Family support through fertility and family building benefits with Progyny and adoption assistance.
  • Referral services for child, elder and pet care, home and auto repair, event planning and more
  • Consumer discounts through Abenity and Consumer Discounts
  • Retirement readiness, rollover assistance services and preferred banking partnerships
  • Education assistance (tuition, student loan, certification support, dependent scholarships)
  • Colleague recognition program
  • Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
  • Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.


Note: Eligibility for benefits may vary by location.

Our teams are a committed, caring group of colleagues. Do you want to work as a Manager FISO where your passion for creating positive patient interactions is valued? If you are dedicated to caring for the well-being of others, this could be your next opportunity. We want your knowledge and expertise!

Job Summary and Qualifications

JOB SUMMARY

The Manager, PSG Facility Information Security Official (FISO) Program is responsible for developing and implementing the PSG Information Security Program to over 1300 physician practices, over 150 urgent care clinics, Hospital Based Providers, Provider Plus (Telehealth Providers), Graduate Medical Education, Lab Services, Anesthesia Services, PSG Information Technology Group, as well as PSG Corporate. This includes collaborating with practice-level/clinic-level FISOs, as necessary to coordinate and implement the PSG Information Security Program and operational projects/tasks directed within HCA’s enterprise Information Security Program. This position reports to the PSG Division Information Security Official (DISO).

Coordinates with Corporate, Division, and practice/clinic resources, as well as with external vendors, to assess security controls necessary to protect Company and patient information. Analyzes information collected during security assessments to determine security risk to PSG practice/clinic-level processes and systems. Manages and leads remediation plan development to address practice/clinic-level issues discovered during security reviews and/or assessments of applications, processes, and technology infrastructure. Consults with PSG and IT leadership to establish remediation responsibilities, actions, and priorities. Oversees activities to monitor and track remediation activities to address weaknesses and issues discovered through practice/clinic-level security risk assessments.

Responsible for personnel management for Zone FISOs and ensures that performance management and career development activities are completed. Focuses on staff development, builds and manages team relationships/culture, and plans and allocates resources to meet goals. Actively communicates resource constraints and continually balances resource supply to meet current demand. Recruits, as needed, and allocates resources to meet PSG goals and priorities.

FISO Program Development and Support

Develops, implements, and supports a PSG Information Security Program as required by Company policy (Information Security – Program Requirements: IS.SEC.001). This includes, but is not limited to:

  • Establishing a practice/clinic-level FISO role, including designation, awareness/training, and continual community communications
  • Collaborating with PSG Ethics & Compliance and Privacy communities to leverage and advance security initiatives, where possible
  • Developing and deploying a user-level security awareness and training program, including materials to effectively communicate and enforce security controls
  • Developing and implementing incident reporting and response procedures to identify and respond to security incidents/breaches (e.g., stolen/lost laptop, misuse of ePHI)
  • Maintaining compliance with Company, industry and federal information security requirements

Risk Management

Designs and implements practice/clinic-level security risk assessment and management processes necessary to comply with Company risk management programs, policies, and standards. This includes, but is not limited to:

  • Conducting Promoting Interoperability (PI) and HIPAA Security/HITECH Facility Risk Management Program (FRMP) security assessments
  • Managing a work intake process that ensures applications, products, and services meet the requirements of the Corporate Information Security program
  • Working across teams to identify, evaluate, and reduce risks related to non-HCA systems and networks
  • Executing Information Security Agreements (ISAs) and coordinating vendor security assessments
  • Assessing, aggregating, and analyzing security risk, as necessary to mitigate/remediate security risk to acceptable levels, including completion/tracking of Risk Acceptance Forms (RAFs)
  • Monitoring and reporting of practice-level security risk to PSG leadership, including the PSG Division Security Committee
  • Deploying and implementing operational tasks and projects, as directed by the Company’s Information Security Program, to manage practice/clinic-level information security risk

Personnel Management

Manages and directs PSG Zone FISOs as necessary to implement and support the PSG Information Security Program and effectively manage practice/clinic-level and PSG Corporate security risk. Manages and oversees staff activities as they execute operational and project tasks necessary to enable business needs/patient care while protecting Company and patient information.

Identifies opportunities for coaching/mentoring employees in the execution of their roles with the aim of developing their leadership abilities, promoting accountability/responsibility, and creating a positive team culture. Works with staff to set personal and project goals.

Mentors and develops staff through daily interaction and/or scheduled one-on-one meetings.

3-7 years of relevant work experience required

Bachelor’s degree required

SPECIAL QUALIFICATIONS

  • Experience in information security, risk management, IT audit and controls, and information technology in a healthcare environment.
  • Proven experience with healthcare industry and federal security regulations (e.g., HITECH/HIPAA, PCI).
  • Experience with security risk management, including assessments, analysis, controls recommendation, and reporting.
  • A proven track record in creating and maintaining strong business relationships.
  • Ability to achieve Company initiatives through efficient and effective team management.
  • Drives execution by taking ownership and demonstrating initiative.
  • Exhibits analytical skills on a daily basis.
  • Excellent written and verbal communication skills.
  • Builds an effective team by fostering positive team morale.
  • Treats others with dignity and respect.
  • Certifications such as CISSP, CISA, CRISC, GSEC, and/or CISM are preferred.
  • Management experience preferred.

PHYSICAL DEMANDS/WORKING CONDITIONS

  • Some travel required but generally less than 20%.

  • Typical work week hours can vary depending on workload, outages or project deliverables.

HCA Healthcare (Corporate), based in Nashville, Tennessee, supports a variety of corporate roles from business operations to administrative positions. Like our colleagues in any HCA Healthcare hospital, our corporate campus employees enjoy unparalleled resources and opportunities to reach their potential as healthcare leaders and innovators. From market rate compensation to continuing education and career advancement opportunities, every person has a solid foundation for success. Nashville is also home to our Executive Development Program, where exceptional employees are groomed to take on CNO- and COO-level roles in our hospitals. This selective program focuses on ethics, leadership and the financial and clinical knowledge required of professionals at this level of the industry.

HCA Healthcare has been recognized as one of the World’s Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.


"Bricks and mortar do not make a hospital. People do." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder

If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Manager FISO opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.



