Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 39 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.
Summary:
The Cyber Security Risk Management (CSRM) organization enhances safety, dignity, and confidence by fostering a trustworthy digital environment for care delivery and business operations. As a Cyber Security Engineer - Compliance, you will coordinate periodic access reviews for key SOX systems and applications, including running reports in multiple systems, analyzing data, and investigating exceptions for potential risk exposure. In this role, you will collaborate closely with internal and external auditors, cybersecurity, IT, and business stakeholders to ensure evidence provided is complete and accurate.
Essential Duties and Responsibilities:
Perform and coordinate user access reviews (UARs) of in-scope applications and systems, including running access reports, analyzing data, collecting management responses, and driving remediation.Perform access exposure testing and root cause analysisEvaluate audit findings and coordinate remediation of deficienciesCommunicate and collaborate with Technology, Business, and Audit partners to respond to and address compliance riskDocument and maintain documentation for SOX processes, controls, and procedures
Qualifications:
Required Education: High School DiplomaPreferred Education: Associate’s or Bachelor’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), equivalent certifications, or equivalent work experience.Required Experience:Duration: 2 yearsCompetencies:Experience in regulatory standards (HIPAA, HITECH, PCI, SOX, COBIT)Understanding of Identity Access Management principles and practicesKnowledge of cybersecurity principles and practicesExcellent verbal and written communication skills with the ability to interact effectively with all levels of managementDemonstrated problem-solving abilitiesStrong research and analytical skillsSelf-starter and flexible team playerAbility to work in an evolving environment with changing processes and proceduresPreferred Experience:Duration: 5 yearsCompetencies:Knowledge of Industry Standard Audit MethodologiesFamiliarity with NIST Cybersecurity Framework (CSF)Core understanding of risk management principles, especially NIST Risk Management Framework (RMF)Healthcare industry experienceTechnologies:Governance, Risk, and Compliance (GRC) platformsPowershellServiceNowMicrosoft SQL Server Management Studio (MSSMS)Required License/Registration/Certification: NonePreferred License/Registration/Certification: Security+Computer Skills Required:Experience working in a Windows environmentFamiliarity with Microsoft / Google office suites
Physical Demands:
In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below: