Archer/Keylight Security Specialist - Senior (GRC)

  • Adventist Health System
  • Altamonte Springs, FL, USA
  • Nov 29, 2017

Job Description

Senior Information Security Specialists as part of the Information Security Governance Team are responsible for the development and administration of Information Technology Governance, Risk, and Compliance (GRC) solutions and content. This position will develop, integrate and administer complex enterprise GRC workflows, data, system integration and related tools. Other key activities include working with Information Security, Information Technology and business stakeholders to understand and support their use of the IT GRC platform and to ensure Information Security controls are managed though out a full lifecycle that includes policies, procedures, implementation, metrics, and assurance requirements. This person should also have the knowledge of industry best practices for Information Security GRC, industry recognized information security frameworks, proficiency in multiple development languages, database expertise, a robust knowledge of the security of information systems and techniques required to protect the confidentiality, integrity, and availability of sensitive information. Strong interpersonal and communication skills, critical thinking, analytical and problem-solving skills are required to avoid checkbox mentality and tackle unexpected challenges by coming up with intelligent ways of providing functionality and security. This specialist must have an excellent understanding of information security program needs, risks, along with project management experience. He/she should be able to work well under pressure, independently, and also be able to perform effectively in a team setting to achieve organizational goals.


Responsibilities and essential job functions include but are not limited to the following:

• Develop workflows and administer enterprise GRC solution

• Integrate enterprise GRC with other IT systems including identity and access management, IT ticketing system, asset inventory and vulnerability management

• Continually optimize and enhance workflows

• Provide status updates and present on GRC solution related topics to other team members in a professional manner

• Support security training and awareness program by providing GRC contents to the training teams

• Engage and work with a variety of internal departments and external organizations, including but not limited to legal firms, law enforcement agencies, and all other levels of government

• Participate in the routine administrative work of the Information Security Office(CDSO)



• Governance, Risk, and Compliance (GRC) software platform administration experience.

• Experience building and customizing GRC workflows including, forms, surveys, approval workflows, dashboards, database administration to support business and risk management processes

• General knowledge of Information Security frameworks and how to integrate the control requirements in a GRC platform

• Strong competency using Microsoft Visual Studio

• Experience developing against a REST based API

• Expert knowledge of C#, SQL, and XML

• Well versed in secure software development lifecycle procedures and concepts

• Well versed in project management procedures and concepts

• Have soft skills, such as multi-tasking, self-starter, prioritization, time management, decision making, teamwork, presentation, communication and strong interpersonal skills

• Microsoft suite of applications (Word, Excel, Visio, Project, etc.)


• Lockpath Keylight Governance, Risk, and Compliance (GRC) software platform deployment and administration experience

• Experience building and customizing Lockpath Keylight GRC workflows

• Working knowledge of information security risk management and risk assessment methodologies.

• Expert knowledge of one or more of the following: HITRUST, HIPAA Security and Privacy Rule, Red Flags Rule, Healthcare IT Standards (HITSP), HITECH, Meaningful Use (MU), COBIT, and PCI.

• Strong background in business application, IT, and information security development

• A diverse set of technical skills, such as IT infrastructure, operating systems, data centers, access controls, cloud security, applications security, malware protection, security monitoring, physical security controls, etc.

• Working knowledge of enterprise security systems (e.g., Firewalls, VPN, IDPS, SEIM), security threats and related risks, malware protection, virtual networks, asset management, pen-testing, vulnerability management, access management, configuration management, encryption techniques, cloud security, and 3rd party security


• Bachelor's degree in Computer Science or Information Systems or equivalent work experience.

• 3-5 years of experience developing complex business and/or risk based workflows in a professional services firm and/or large enterprise

• 3 or more years of experience in information security


• Masters in computer science, information systems/technology, cybersecurity, or business administration from an accredited university

• Experience in the healthcare industry doing information security


• Certified Information Systems Security Professional (CISSP) or ability to obtain CISSP within one year of hire date


• In addition to CISSP, Certified Information Security Manager (CISM)