
Sr Info Security Auditor

Children's National Medical Center

This is a Full-time position in Silver Spring, MD posted January 3, 2022.

Job Description
– Sr Info Security Auditor (2100045F)

Description

The Senior Information Security Auditor will be responsible for ensuring that security controls are properly employed and meet requirements in support of federal regulations and industry standards.

The Sr Information Security Auditor will lead the collection of evidence in support of information security audits and assessments including those done in support of HIPAA, PCI DSS, GDPR, and other mandates.

The Sr Information Security Auditor will also support the establishment of new policies that address gaps in the security posture of the organization.

The auditor will work closely with other members of the Information Security team to ensure that security controls are adopted and configured based on frameworks such as CIS and NIST.

They will also work closely with the privacy and compliance team to ensure that common issues are addressed jointly by both organizations.

They will coordinate with and assist internal and external auditors.

They will work with the Director of Cybersecurity Governance and Risk Management to measure the effectiveness of controls.

Qualifications

Minimum Education
Bachelor’s Degree in Computer Science or related field (Required)

Minimum Work Experience
6 years of demonstrated experience in an information security role (Required)

Required Skills/Knowledge
In-depth knowledge of information security policies, procedures, and practices.

Strong knowledge of HIPAA, HITECH, NIST and other regulatory or standards requirements.

Excellent written and verbal communication skills.

Demonstrated experience conducting audits and risk assessments.

Understanding of Information Security policies and their relationship to security controls such as NIST 800-53.

Advanced computer skills/familiarity with business software.

In-depth knowledge of information security systems and products.

Demonstrated experience with the assessment, design, implementation and management of large scale enterprise-wide information security systems.

Proficient in compiling and analyzing data to support audit findings and risk assessments.

Required Licenses and Certifications
CompTIA Security+ or equivalent (Preferred)

Functional Accountabilities
Policy

  • Lead the establishment of information security policies, standards, and procedures that document roles, responsibilities, and expectations of CNH staff.
  • Monitor activities across CNH that require clarification of Information Security policies, standards, or procedures.
  • Identify and review gaps in CNH policies based on existing cybersecurity frameworks including NIST (800-53), HIPAA, PCI DSS, and others.

Audit and Compliance

  • Work with internal and external auditors to gather evidence to support information security audits, including those that support ITGC, PCI DSS, HIPAA, and GDPR.
  • Perform continuous analysis of the environment to determine weaknesses that should be remediated in anticipation of upcoming audits.
  • Stay aware of best practices in cybersecurity that can be adopted by CNH in meeting future audit requirements.
  • Provide regular reports and metrics on our security posture relative to meeting audit requirements.
  • Perform regular risk assessments to identify areas of risk across CNH and document within our risk register.
  • Follow-up with system and business owners to ensure proper remediation of risks within CNH.
  • Regularly report out on progress from risk assessments including the status of findings and residual risk in the organization.
  • Employ best practices in risk assessment, including FAIR, to help quantify risks.

Organizational Accountabilities
Organizational Commitment/Identification

  • Anticipate and respond to customer needs; follow up until needs are met

Teamwork/Communication

  • Demonstrate collaborative and respectful behavior
  • Partner with all team members to achieve goals
  • Receptive to others’ ideas and opinions

Performance Improvement/Problem-solving

  • Contribute to a positive work environment
  • Demonstrate flexibility and willingness to change
  • Identify opportunities to improve clinical and administrative processes
  • Make appropriate decisions, using sound judgment
  • Use resources efficiently
  • Search for less costly ways of doing things

Safety

  • Speak up when team members appear to exhibit unsafe behavior or performance
  • Continuously validate and verify information needed for decision making or documentation
  • Stop in the face of uncertainty and take time to resolve the situation
  • Demonstrate accurate, clear and timely verbal and written communication
  • Actively promote safety for patients, families, visitors and co-workers
  • Attend carefully to important details, practicing Stop, Think, Act and Review in order to self-check behavior and performance

Primary Location: Maryland-Silver Spring

Work Locations: Tech Hill 12211 Plum Orchard Drive Silver Spring 20904

Job: Information Technology

Organization: Operations

Regular / Temporary: R (Regular)

Position Status: FT – Full-Time

Shift: Day

Work Schedule: Mon-Fri

Job Posting

Children's National Hospital is an equal opportunity employer that evaluates qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender, identity, or other characteristics protected by law.
