Senior Security Controls Engineer jobs in United States

HCA Healthcare · 19 hours ago

Senior Security Controls Engineer

HCA Healthcare is a trusted organization committed to delivering compassionate care to patients. They are seeking a Senior Security Controls Engineer to enhance their information protection program by evaluating and monitoring security controls, conducting risk assessments, and ensuring compliance with regulatory standards.

Biotechnology · Health Care · Hospital · Medical · Primary and Urgent Care
H1B Sponsor Likely

Responsibilities

Collects the top and most pressing IT security risks (regulatory, security of critical enterprise applications and infrastructure, vendors, etc.), then analyzes and monitors them and derives strategic decisions that balance risk with the operational and economic costs of protective measures
Performs interviews with company senior management and business owners to confirm anticipated business effects resulting from the actual occurrence of any of the identified enterprise security risks
Leverages inventory of key vendors, applications, processes, and infrastructure items and their impact on the top and most pressing IT security risks. Additionally, maps applications, processes, and infrastructure items to appropriate security risks
Performs activities to identify key controls (policy, procedure, practice, or organizational structure) that, if implemented, would provide reasonable assurance that security objectives will be achieved and undesired events will be prevented or detected and corrected
Performs activities to review, develop, and implement security controls plans, vendor security agreements, and security exceptions to control standards
Performs activities to conduct technical security reviews and assessments of vendors, applications, processes, and IT infrastructure
Performs activities related to the analysis of data collected during security reviews and assessment of vendors, applications, processes, and IT infrastructure in order to determine current state of security risk across the company
Performs activities to develop remediation plans to address issues discovered as a result of security reviews and/or assessments of vendors, applications, processes, and IT infrastructure. Works with management to assign remediation responsibilities, actions, and priorities
Performs activities to monitor and track remediation activities to address weaknesses and issues discovered through security reviews or audits of vendors, applications, processes, and IT infrastructure
Performs activities to develop strategies to ensure compliance with security standards as well as regulatory and audit issues
Performs activities to provide periodic reporting including assessment findings and recommendations for improvement to applicable constituencies (e.g., executive management, facility leadership, and governance committee)
Identifies security-related regulatory requirements (e.g., PCI-DSS, SOX, HIPAA), and interacts with internal and external assessors and auditors to ensure ongoing compliance

Qualification

Information Security Controls · Risk Assessment · Regulatory Compliance · Security Consultation · CISSP · GSEC · CISA · PCIP · HCISPP · IT Audit/Risk Management · Analytical Skills · Interpersonal Skills · Oral Communication · Written Communication

Required

5+ years of relevant work experience
Bachelor's Degree

Preferred

CISSP Certified Information Systems Security Professional
GSEC GIAC Security Essentials Certified
CISA Certified Information Systems Auditor
PCIP PCI Professional Training
HCISPP Healthcare Information Security and Privacy Practitioner
Security Technologies / Methodologies
IT Audit/Risk Management
Information Security Metrics and Reporting
Systems Control Review Process
Application/Infrastructure Control Review Process
Working knowledge of the COSO and COBIT methodologies
Experience with ISO17799, HIPAA, Sarbanes-Oxley, PCI-DSS
Experience with IT risk, regulatory, or compliance responsibilities
Possession of excellent analytical and interpersonal skills
Possession of excellent oral and written communication skills

Benefits

Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
Free counseling services and resources for emotional, physical and financial wellbeing
401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
Employee Stock Purchase Plan with 10% off HCA Healthcare stock
Family support through fertility and family building benefits with Progyny and adoption assistance.
Referral services for child, elder and pet care, home and auto repair, event planning and more
Consumer discounts through Abenity and Consumer Discounts
Retirement readiness, rollover assistance services and preferred banking partnerships
Education assistance (tuition, student loan, certification support, dependent scholarships)
Colleague recognition program
Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Company

HCA Healthcare

HCA Healthcare provides medical education and healthcare services in locally managed facilities. It is a sub-organization of North Florida Endoscopy Center.

H1B Sponsorship

HCA Healthcare has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (2)
2022 (2)
2020 (1)

Funding

Current Stage
Public Company
Total Funding
$8.51B
2025-10-31 · Post-IPO Debt · $3.25B
2025-02-24 · Post-IPO Debt · $5.25B
2014-06-25 · Post-IPO Debt · $3.2M

Leadership Team

Nicholas Manning, Chief Executive Officer
Nick Lane, Regional Vice President Human Resources
Company data provided by Crunchbase