All the benefits and perks you need for you and your family:

• Benefits from Day One
• Paid Days Off from Day One
• Student Loan Repayment Program
• Career Development
• Whole Person Wellbeing Resources
• Mental Health Resources and Support

Our promise to you:

Joining AdventHealth is about being part of something bigger. It’s about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit. AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ. Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team. All while understanding that together we are even better.

Schedule: Full Time

The role you’ll contribute:

As a part of the AIT Information Security – Enterprise Security Team, the PCI Specialist – Intermediate supports the organization’s strategic initiatives that are aligned with the organizations business goals enhancing and aligning the PCI-DSS program. The PCI Specialist – Intermediate, with the guidance of the PCI Manager and/or PCI Specialist – Senior, will collaborate with the leaders within Information Security and with the internal stakeholders in the development and implementation of the enterprise-wide PCI-DSS compliance program. The PCI Specialist – Intermediate will analyze cardholder (Credit/Debit) data flows (business and application data flows) and accordingly determine the scope of the organizations PCI-DSS assessments and the risk to cardholder data. The PCI Specialist – Intermediate will ensure organization-wide compliance with PCI-DSS requirements to reduce Information Security risk to known and acceptable level.

As a trusted risk advisor, the PCI Specialist – Intermediate, with the guidance of the PCI Manager and/or PCI Specialist – Senior, will be required to communicate effectively with internal and external stakeholders to offer accurate and timely information and reporting. The individual will coach, mentor and lead staff in the daily operations of assigned areas. They will be required to deliver timely high-quality results demonstrated through product created and metrics reporting. Effective use of soft skills is required (e.g. time management, communication (verbal and written), organization) and will be required to maintain good communication with project stakeholders and demonstrate outstanding customer service that fosters positive relationships throughout the organization. The PCI Specialist – Intermediate is expected to have good understanding of US Healthcare including applicable laws, regulations and business needs, especially as they relate to a large provider organization like AdventHealth (ADH).

The value you’ll bring to the team:

• Under the direction of the PCI Manager and/or PCI Specialist – Senior:

o Support the PCI-DSS compliance initiatives aligned with business goals

o Support new acquisitions for any PCI-DSS compliance requirements

o Partner with security and network architecture team to help define and implement protections and defense-in-depth for PCI-DSS compliance requirements and help solve architecture gaps to maintain PCI-DSS attestation

o Partner with the stakeholders e.g., Business, Finance, Treasury, Legal, Network and Security architecture for PCI-DSS remediation gaps and status tracking required for maintaining compliance.

o Conduct periodic audits to continue to evaluate compliance with the PCI-DSS

o Review periodic network scans to identify vulnerabilities and partner with technology, engineering and architecture teams to remediate those vulnerabilities

o Serve in a consultative role to ensure individuals are aware of PCI-DSS compliance obligations and how to support compliant behavior and use of technology

o Escalate compliance concerns timely and effectively to business line management and to the Director of Enterprise Security

o Assist with the annual Self-Assessment Questionnaires (SAQ) and AOC review and coordinate with stakeholders the timely remediation of any gaps noted during process.

o Support awareness training of the workforce on information security standards, policies and best practices that help educate and grow PCI-DSS awareness

o Support the Incident Response Team to ensure timely containment, investigation, mitigation and response related to suspected merchant data compromises.

o Support transparent and measurable risk management metrics and reporting for the PCI-DSS Program

• Knowledge of the following areas: PCI-DSS, HIPAA Security and Privacy Rule, Red Flags Rule, HITECH, Meaningful Use (MU) and HITRUST.

• Knowledge of audit frameworks

• Knowledge and experience with PCI-DSS, Risk Management Standards (OCTAVE/ NIST/ISO)

• Experience in analyzing penetration testing results and prioritizing remediation for identified vulnerabilities.

• Knowledge of PCI-DSS remediation tracking and follow ups with the stakeholders.

• Experience in analyzing PCI-DSS ASV scan reports.

• Understanding in utilizing a risk-based approach to secure applications, databases and infrastructure based upon business needs.

• Basic understanding of auditing information security programs and systems.

• Ability to review network and security device (i.e., Firewalls, Switches, Routers, IDS, IPS and Load Balancers etc.) configurations and analyze network architectures.

• Ability to review system hardening (Servers/ Virtualization Devices/ Cloud Infrastructure/ Databases)

• Basic understanding of IT Security, including access controls, network Security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption and key management best practices etc.

• Understanding of security requirements related to cloud-based applications/environments.

• Experience in Microsoft suite of applications (Word, Excel, PowerPoint, Project, etc.).

• Excellent in English – written and spoken

• Good project management and time management skills.

• Team player with a positive and enthusiastic attitude.

• Ability to coordinate and prioritize multiple tasks and projects simultaneously.

• Ability to work in fast-paced environment to support evolving business needs.

Qualifications

The expertise and experiences you’ll need to succeed :

KNOWLEDGE AND SKILLS REQUIRED:

• Bachelor’s degree in computer science, information systems, cybersecurity, a related field or an equivalent of over 3 years of related work experience in risk assessments and risk-based frameworks (NIST, ISO, or HITRUST)

• Proven experience in assisting in the PCI-DSS Self-Assessment Questionnaires (SAQs) and Attestation of Compliance (AOC) for Level 1/2 merchants

EDUCATION AND EXPERIENCE PREFERRED :

• Master’s in computer sciences / Information Systems / Cybersecurity or Business Administration.

• Proven experience in assisting with the PCI-DSS Report on Compliance (RoC)

• Over three (3) years of work experience in the healthcare (Payer or Provider), information security and/or financial industry.

CERTIFICATIONS PREFERED:

• PCI Professional (PCIP) or completion of the PCIP within 12 months of hire date

• Internal Security Assessor (ISA)

One of the following

• Certified Information Systems Auditor (CISA) or

• Certified Information Systems Security Professional (CISSP)

This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances. The salary range reflects the anticipated base pay range for this position. Individual compensation is determined based on skills, experience and other relevant factors within this pay range. The minimums and maximums for each position may vary based on geographical location.

Category: Information Systems

Organization: AdventHealth Information Technology

Schedule: Full-time

Shift: 1 - Day

Req ID: 24010599

We are an equal opportunity employer and do not tolerate discrimination based on race, color, creed, religion, national origin, sex, marital status, age or disability/handicap with respect to recruitment, selection, placement, promotion, wages, benefits and other terms and conditions of employment.