Bon Secours Mercy Health | Sr. Platform Principal Cloud Security GRC Digital /Analytics | Ohio | United States | BigDataKB.com | 2022/10/31

Job Location: Ohio

Thank you for considering a career at Bon Secours Mercy Health!


SUMMARY

The Sr. Platform Principal Cloud Security GRC Digital / Analytics is responsible for leading the day-to-day IT compliance, data governance, and IT risk management functions for a cloud security analytics platform. The role will include primary responsibility for defining, creating, and managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices in accordance with BSMH security policies and standards. The role will also support disaster recovery and business continuity, Agile service delivery, incident response, HITRUST, SOC 2, compliance/accreditation, vulnerability assessments and penetration testing remediation, awareness training, Scrum Master, and cybersecurity intelligence reporting metrics. This is a broadly defined role that encompasses many aspects of cloud security engineering, assurance, and administration. The successful candidate will be multi-faceted in their interest and skillset.


ESSENTIAL JOB FUNCTIONS

  • Collaborate to define IT security standards and develop supporting organizational policies
  • Perform security and compliance assessments on new and existing systems, processes, and technology
  • Support vendor due-diligence process and help to lead and define overall third-party risk management efforts
  • Work with various business units to ensure controls are adequate, appropriate, and effective
  • Develop security procedures in accordance with BSMH security policies and standards
  • Collaborate with BSMH Cyber Security Assurance, Legal, Privacy, Risk/Claims
  • Support internal and external audit process for relevant compliance accreditation including PCI-DSS, SOC 2 Type 2, HITRUST
  • Support forensic investigations
  • Support writing policies, standards, and technical guides for cloud IaaS, SaaS, and PaaS platforms
  • Perform and investigate internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks
  • Support creating metrics for predictive analytics reporting
  • Research and deploy state-of-the-art technology solutions and innovative security management techniques to safeguard the organization's personnel and assets, including intellectual property and trade secrets
  • Support HITRUST accreditation including documentation, scoping, remediation, tracking
  • Support cloud asset management tools and reporting
  • Support cloud threat deception taxonomy
  • Support cloud compliance Azure Purview, Azure Security Center
  • Support cyber threat intelligence reporting and security awareness to change behaviors
  • Support daily Agile sprints and product owner
  • Support as Scrum Master
  • Support disaster recovery and business continuity

This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Employees may be required to perform other job-related duties as required by their supervisor, subject to reasonable accommodation.


LICENSURE/CERTIFICATIONS

HITRUST CCSFP – (required)

HITRUST CHQP – (preferred)

Payment Card Industry Compliance Internal Security Assessor PCI-ISA – (preferred)

Payment Card Industry Professional (PCIP) – (preferred)

Certified Accreditation Professional (CAP) – (preferred)

Certified Data Privacy Solutions Engineer (CDPSE) – (preferred)

Certified Information Systems Auditor (CISA) – (preferred)

Certified Information Systems Security Engineer (CISSP) – (preferred)

Information Systems Security Management Professional (ISSMP) – (preferred)

Certified Information Security Manager (CISM) – (preferred)

SANS GIAC Security Network Auditor (GSNA) – (preferred)

Certified Cloud Security Professional (CCSP) – (preferred)

Certified in Risk and Information Systems Control (CRISC) – (preferred)

Certified HIPAA Professional (CHP) – (preferred)

Certified Cybersecurity Architect (CCSA) – (preferred)

Certificate of Cloud Security Knowledge (CCSK) – (preferred)

Certified Scrum Master (CSM) – (preferred)

Certified SANS Security Awareness Professional (SSAP) – (preferred)

ITIL Foundation Certification – (preferred)

Certified Information Privacy Professional (CIPP/US) – (preferred)

Certified Business Continuity Professional (CBCP) – (preferred)


EDUCATION

Bachelor’s degree (required)

Field of Study – Information Assurance, Information Security, Information Technology, Information Systems, Computer Engineering, or Cybersecurity (required)

Master's degree (required)

Field of Study – Information Assurance, Information Security, Information Technology, Cybersecurity or Business Administration (preferred)


WORK EXPERIENCE

10 to 15 years of recent experience in information technology/cybersecurity (required)


TECHNICAL/HARD SKILLS

  • Significant experience with legal and regulatory compliance standards such as PCI-DSS, SOC 2 Type 2, GDPR, HIPAA, HITRUST
  • Familiarity with ISMS and security frameworks, particularly NIST, HITRUST, Cybersecurity Framework
  • Strong understanding of fundamental information security concepts and technology
  • Experience with IT GRC/IRM platforms (ServiceNow, OneTrust, FAIR, etc.)
  • Experience with IT governance, risk, and compliance management in a large global environment
  • Experience designing and implementing cloud solutions using IaaS, SaaS, and PaaS
  • Deep understanding of tools in the Azure platform
  • Expertise in PowerShell and other automation languages (Python, Go, etc.)
  • Experience with Azure cloud vulnerability remediation
  • Experience with cyber security incident response and forensics
  • Experience with technical writing of security configuration guides and standards
  • Experience supporting risk analysis and compliance for cloud IaaS, PaaS, and SaaS platforms
  • Experience with or knowledge of Azure cloud security
  • Experience writing security policies, standards, and technical information security guides
  • Experience creating data flow diagrams with Microsoft Visio
  • Experience writing technical procedures
  • Experience delivering executive level presentations
  • Experience using Excel to support metric reporting
  • Experience in leadership
  • Knowledge and experience working and supporting in an Agile service delivery model
  • Experience with and knowledge of regulatory compliance with data protection and privacy laws
  • Experience with disaster recovery and business continuity


INTERPERSONAL/SOFT SKILLS

  • Attention to detail
  • Acceptance of authority
  • Critical thinking
  • Communication with family members
  • Teamwork
  • Conflict resolution
  • Active listening
  • Relationship building
  • Technical Writing
  • Analytical and problem solving
  • Sensitivity to accuracy, timeliness, and professionalism in all areas of support activity
  • Communications – ability to prepare presentations and communicate to a technical and non-technical audience

Bon Secours Mercy Health is an equal opportunity employer.

Many of our opportunities reward* your hard work with:

  • Comprehensive, affordable medical, dental and vision plans
  • Prescription drug coverage
  • Flexible spending accounts
  • Life insurance w/AD&D
  • Employer contributions to retirement savings plan when eligible
  • Paid time off
  • Educational Assistance
  • And much more
  • Benefits offerings vary according to employment status


Scheduled Weekly Hours:

40


Work Shift:

Days

Department:

SS Analytics


All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you’d like to view a copy of the affirmative action plan or policy statement for
Mercy Health – Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email recruitment@mercy.com. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at recruitment@mercy.com.



