Consulting Security Risk Controls Engineer PCI jobs in United States

HCA Healthcare · 1 day ago

Consulting Security Risk Controls Engineer PCI

HCA Healthcare is committed to delivering respectful and compassionate care while recognizing the intrinsic worth of each individual. They are seeking a Consulting Security Risk Controls Engineer to support their information protection program, focusing on PCI compliance and security consultation. The role involves assessing security risks, implementing security controls, and ensuring compliance with regulatory standards.

Biotechnology, Health Care, Hospital, Medical, Primary and Urgent Care

Responsibilities

Assesses/Reviews Service Providers for PCI-DSS Compliance
Collects the top and most pressing IT security risks (regulatory, security of critical enterprise applications and infrastructure, vendors, etc.), analyzes and monitors them, and derives strategic decisions that balance risk with the operational and economic costs of protective measures
Conducts interviews with company senior management and business owners to confirm anticipated business effects resulting from the actual occurrence of any of the identified enterprise security risks
Leverages an inventory of key vendors, applications, processes, and infrastructure items and their impact to the top and most pressing IT security risks. Additionally, maps applications, processes, and infrastructure items to appropriate security risks
Leads activities to identify key controls (policy, procedure, practice, or organizational structure) that if implemented would provide reasonable assurance that security objectives will be achieved and undesired events will be prevented or detected and corrected
Leads activities to review, develop, and implement security controls plans, vendor security agreements, and security exceptions to control standards
Leads activities to conduct technical security reviews and assessments of vendors, applications, processes, and IT infrastructure
Leads activities related to the analysis of data collected during security reviews and assessment of vendors, applications, processes, and IT infrastructure in order to determine current state of security risk across the company
Leads activities to develop remediation plans to address issues discovered as a result of security reviews and/or assessments of vendors, applications, processes, and IT infrastructure. Works with management to assign remediation responsibilities, actions, and priorities
Leads activities to monitor and track remediation activities to address weaknesses and issues discovered through security reviews or audits of vendors, applications, processes, and IT infrastructure
Leads activities to develop strategies to ensure compliance with security standards as well as regulatory and audit issues
Leads activities to provide periodic reporting including assessment findings and recommendations for improvement to applicable constituencies (e.g., executive management, facility leadership, and governance committee)
Identifies security-related regulatory requirements (i.e., PCI-DSS, SOX, HIPAA), and interacts with internal and external assessors and auditors to ensure ongoing compliance

Qualification

PCI compliance, Information security controls, Risk assessment, Security consultation, PCI QSA Certified, CISSP Certified, CISA Certified, ISO27001 experience, Analytical skills, Interpersonal skills, Communication skills

Required

7+ years
Bachelor's Degree Preferred
PCI QSA Certified
PCIP PCI Professional Training
CISSP Certified Information Systems Security Professional
GSEC GIAC Security Essentials Certified
CISA Certified Information Systems Auditor
HCISPP Healthcare Information Security and Privacy Practitioner

Preferred

Security Technologies / Methodologies
IT Audit/Risk Management
Information Security Metrics and Reporting
Systems Control Review Process
Application/Infrastructure Control Review Process
5+ years of relevant work experience and COBIT methodologies
Working knowledge of the COSO and COBIT methodologies
Experience with ISO27001, HIPAA, Sarbanes-Oxley, PCI-DSS
Experience with IT risk, regulatory, or compliance responsibilities
Possession of excellent analytical and interpersonal skills
Possession of excellent oral and written communication skills

Benefits

Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
Free counseling services and resources for emotional, physical and financial wellbeing
401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
Employee Stock Purchase Plan with 10% off HCA Healthcare stock
Family support through fertility and family building benefits with Progyny and adoption assistance.
Referral services for child, elder and pet care, home and auto repair, event planning and more
Consumer discounts through Abenity and Consumer Discounts
Retirement readiness, rollover assistance services and preferred banking partnerships
Education assistance (tuition, student loan, certification support, dependent scholarships)
Colleague recognition program
Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Company

HCA Healthcare

HCA Healthcare provides medical education and healthcare services in locally managed facilities. It is a sub-organization of North Florida Endoscopy Center.

Funding

Current Stage
Public Company
Total Funding
$8.51B
2025-10-31 · Post-IPO Debt · $3.25B
2025-02-24 · Post-IPO Debt · $5.25B
2014-06-25 · Post-IPO Debt · $3.2M

Leadership Team

Nicholas Manning
Chief Executive Officer
Nick Lane
Regional Vice President Human Resources
Company data provided by crunchbase