Digital Products and Services team members are responsible for securely managing information systems throughout their lifecycle, including: knowing what information systems are within their scope of responsibility, understanding what sensitive data is stored, transmitted, or processed on those information systems, enforcing the security principles of least privilege and least functionality, knowing what events may constitute an information security incident, and understanding their role in security incident response activities. Under general direction, perform quality assurance audits of the highest risk, new and existing applications to ensure that appropriate security controls exist, that identity and access management processing is efficient and accurate, and that information systems procedures for the management of administrative entitlements are documented and in compliance with corporate policies and standards.
Primary participant in internal and external audit reviews, including evidence collection, audit inquiry responses, and remediation of audit findings. Develop and lead the timely administration of quarterly access reviews. Provide guidance on identity and access management requirements and implementation methodologies as part of the enterprise process for on-boarding applications into the NH technology environments.
Possesses a full understanding of, and provides input to, all policies, standards, and procedures associated with identity provisioning and governance. Key contributor in projects involving the implementation of identity and access management related applications and/or toolsets, including developing requirements, current and future state processes, and product implementation. Keep abreast of changes and trends related to identity and access management. Competent to work at the highest level of all phases of identity and access management auditing.
Education: High school diploma required. Bachelor's degree preferred.
Experience: Minimum eight years relevant experience required.
Licensure/certification/registration: EPIC Security Coordinator Certification and the Certified Information Security Auditor (CISA) required; must obtain within eighteen months in the role.
Additional skills required: Senior knowledge of authenticator types, authenticator assurance levels, identity life cycle processes including, but not limited to, account management, identifier management, role-based access management, attribute-based access management, attestation and certification, user self-service, password management. Intermediate knowledge of MS Active Directory's domain structure schema, user and group object attributes.
Knowledge of information systems auditing processes, regulatory requirements including, but not limited to, PCI DSS, HIPAA, HITRUST. Basic knowledge of and ability to work with one of the following query/scripting languages: Structured Query Language (SQL), Windows PowerShell, Extensible Markup Language (XML), Excel functions and formulas.
Additional skills preferred: Functional knowledge of COBIT and NIST standards and other regulations that govern Information Security for a Health Care organization.
Our team members are part of an environment that fosters teamwork, team member engagement and community involvement. The successful team member has a commitment to leveraging diversity and inclusion in support of quality care. All Novant Health team members are responsible for fostering a safe patient environment driven by the principles of "First Do No Harm".