BJC Careers

Security Awareness Program Administrator

Saint Louis, MO
Information Services


Job Description

Job ID: 1177231
Employment Status: Full-Time
Regular/Temporary: Regular

Your Career. Made Better.

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and mid-Missouri regions. BJC serves patients and their families in urban, suburban and rural communities through its 15 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission-critical applications and data vital to the organization and strategic partners; and investigating practices not in compliance with established BJC Information Services security policies and standards.


Join Us!


Role Purpose

Develops security awareness communications and training programs in the healthcare setting. Understands and ensures compliance with various information security regulations, including HIPAA, HITECH, PCI DSS and Meaningful Use, among others. Works in various governance frameworks, including the NIST Cybersecurity Framework, SANS/CIS Top 20 Critical Security Controls, NIST 800-53, ISO 27001, COBIT, ITIL, etc. Works independently with minimal supervision; interacts and communicates effectively with a diverse array of workforce members, including executive management, business process owners, vendors, and end users.


Responsibilities

  • Responsible for all IT Security Communications: Develops and implements an IT Security Awareness Communication plan that includes, at a minimum, formal enterprise-wide articles, targeted e-mail campaigns and internal social media posts. Provides ongoing written communication of upcoming IT Security initiatives and programs as well as articles about security current events that impact the BJC workforce. Manages the IT Security Website (internal to IT Security, internal to BJC and public facing for BJC patients and patient families).
  • BJC Security Awareness Training: Develop and implement an enterprise-wide training program that includes, but is not limited to, New Hire Orientation, Semi-Annual Security Awareness Events, Ad-Hoc Events, Phishing Campaigns, Security Awareness Videos (e.g., YouTube), and others.
  • Collaborate with Corporate Compliance to provide IT Security input as part of the required annual compliance training, both in person (e.g., Fall Forum) and online (Annual Compliance).
  • Promote an understanding of BJC IT Security policies and procedures as well as minimum security requirements, security best practices, applicable regulatory standards and risks to BJC in the IT department as well as across the enterprise.
  • Demonstrate a solid understanding of various cybersecurity measures, such as: security risk management and governance; complex business and information technology management processes and controls in the practical context of day-to-day business settings; emerging technology and security governance implications; and best practices related to business solution security (e.g., on-premise, SaaS, mobile, wireless, etc.), common data protection strategies (e.g., encryption, segmentation, layering, etc.), vulnerability assessment and penetration testing, patch management, security monitoring, and incident management.

Minimum Requirements

Degree

  • Associate's Degree

Experience

  • 5-10 years

Supervisor Experience

  • No Experience

Preferred Requirements and Additional Job Information

Degree

  • Bachelor's Degree

Experience

  • 10+ years

Licenses & Certifications

  • CIA
  • Cert Information Privacy Prof
  • CISA
  • Cert. Info Security Officer
  • CISSP
  • Certified in Risk & IS Control

Benefits Statement

Note: not all benefits apply to all openings

- Comprehensive medical, dental, life insurance, and disability plan options
- Pension Plan*/403(b) Plan
- 401(k) plan
- Tuition Assistance
- Health Care and Dependent Care Reimbursement Accounts
- On-Site Fitness Center (depending on location)
- Paid Time Off Program for vacation, holiday and sick time

*Pension does not apply to Memorial Hospital, Memorial Hospital East, Memorial Medical Group, Alton Memorial or Parkland Health Center


Legal Statement

The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job.

Equal Opportunity Employer