Cyber Security Engineer, Risk Management (Remote)

Community Health Systems is one of the nation’s leading healthcare providers. Developing and operating healthcare delivery systems in 39 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 70 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.

Summary:

As a member of the Cyber Security Risk Management team, the Cyber Risk Engineer will be responsible for performing risk management activities to identify and document cybersecurity risks to the organization, track remediation efforts, and assist with reporting on cybersecurity risks in various formats. The Cyber Risk Engineer will be responsible for cybersecurity risk reviews as it pertains to control and policy exceptions across the environment. The Cyber Risk Engineer will work directly with other cybersecurity and information technology team members, as well as business partners, to develop plans for reporting and remediation of cybersecurity risks across the enterprise.

Essential Duties and Responsibilities:

• Assist with maintaining the cybersecurity risk register and issue register, including tracking of risk priority to the company and issue remediations as they progress.
• Ensure that remediation efforts are properly documented and categorized. Coordinate with relevant teams to verify the effectiveness of remediation actions.
• Maintain metrics to measure the progress of the cybersecurity risk program and identify trends pertaining to the environment.
• Review exception requests to standard cybersecurity controls to identify resulting risk in preparation for leadership decisions.
• Work with a team to improve cybersecurity risk management services through the identification and execution of process improvement efforts.
• Business and Soft Skill expectations:
  • Communicate and interact effectively and professionally with co-workers, management, customers, etc.
  • Maintain complete confidentiality of company business and risks.
  • Communicate with management regarding development within areas of assigned responsibilities and perform special projects as required or requested.

Minimum Qualifications:

• Required Education: High School diploma
• Preferred Education: Bachelor’s Degree in Cyber Security, Computer Science, Risk Management (or other related field), or equivalent work experience.
• Required Experience:
  • Duration:
    • 3+ years of IT or information security, and
    • 2+ years of risk management
  • Activities:
    • Practical experience with risk management activities.
    • Worked in process-driven structured environments and participated in process optimization activities.
  • Competencies:
    • Knowledge of cybersecurity risk frameworks
    • Proactive identification and solving of complex problems
    • Effective communication of complex concepts to a non-technical audience
    • Excellent written and verbal communication skills
  • Required License/Registration/Certification: None
  • Computer Skills Required: Productivity suite software required

Physical Demands:
In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

• The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
• The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
• The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.