IS Information Security Specialist III

Philadelphia, PA, US, 19107

Location: LOC_HOME-Home/Remote Office Location 

Req ID: 95811

Shift: Days

Employment Status: Regular - Full Time 

Job Summary

  1. Exhibits proven technical knowledge in multiple information security disciplines (access control, monitoring, GRC), and industry standards frameworks, and security operations models.
  2. Exhibits proven technical knowledge in multiple security engineering disciplines and understands different firewall architectures.
  3. Demonstrates proficient skills in designing and implementing information security solutions and risk management platforms, and in providing input on information security strategic plans.
  4. Provides leadership support to IS teams around security initiatives.
  5. Proven knowledge of security applications such as intrusion detection systems and forensics packages.
  6. Assists with budget planning and provides input on CHOP information security strategic planning, GRC, technology and engineering standards and practices.
  7. Co-facilitates cross-functional work teams and exhibits ability to clearly articulate problems, issues, and potential solutions to team members and clients (written & verbal) across multiple levels within the enterprise.
  8. Exhibits the ability to manage multiple concurrent projects, manage, mentor, and coach staff and client expectations.
  9. Exhibits extensive knowledge of related best practices and advocates their use throughout CHOP.
  10. Performs analysis and fulfills requests of eDiscovery & forensics investigations independently.
  11. Participates with functional team members in activities related to incident response, change management, business continuity, and escalation planning.

Job Responsibilities

An Information Security Specialist III is a senior contributor with similar responsibilities to the Information Security Specialist II, but with a greater degree of complexity. An Information Security Specialist III may be involved in some leadership activities. An Information Security Specialist III also:

  • Defines and documents information security principles and processes to assist enterprise solution architects in security decisions for the enterprise, including access control, security information and event monitoring, data loss prevention, and perimeter (e.g., firewalls, IPS, web filtering) and network security (host-based firewalls, anti-virus, disk encryption).
  • Develops, builds, and tests deployment strategies for information security solutions for application development as part of the organization's System Development Life Cycle (SDLC) methodologies.
  • Defines and documents system security and compliance requirements in support of approved PMO projects and existing operational activities, traces all system security and compliance requirements, and validates that requirements are addressed, including validation of the final detailed security design specifications to support PMO life cycle activities.
  • Performs analysis and fulfills requests of eDiscovery & forensics investigations independently by collecting evidence and maintaining chain of custody of records.
  • Participates as a member of the Hospital CERT team and performs various security information and event management procedures to support security investigations.
  • Participates on related InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates IS Hospital management on security issues (e.g., PCI, Identity and Access Management (IAM), Role Based Access Control (RBAC) models).
  • Reviews periodic risk analysis and risk assessment activities in support of regulatory requirements (e.g., HIPAA Security & Privacy Rules, PCI DSS, and Joint Commission) utilizing established Governance Risk Compliance (GRC) technology or customized solutions.
  • Facilitates analysis of information security issues and recommends solutions for remediation.
  • Meets with clinical and business units to determine specific security requirements for application development and validates that requirements, documentation, design, and build are complete and accurate for application level development projects.
  • Supports CHOP IS capital budget planning process.

Required Licenses, Certifications, Registrations

Other relevant healthcare IS certs

Required Education and Experience

  • Industry security certification required such as HealthCare Information Security and Privacy Practitioner (HCISPP)
  • Bachelor’s degree in Computer Science, Information Systems, or related field required.
  • 5 – 12 years related work experience; 4+ years of experience with information security, regulatory compliance and risk management concepts
  • 3 years of security architecture/engineering required
  • Comprehensive understanding of InfoSec risk management concepts, security engineering principles & practices, (e.g., COBIT or NIST).
  • Demonstrates a basic knowledge and understanding of Information security principles, System Development Life Cycle (SDLC), general and IT controls, security engineering principles, and related information security policies and procedures.
  • Exhibits knowledge of industry regulatory standards and accreditation requirements (HIPAA, PCI, and Joint Commission).

Preferred Education, Experience & Cert/Lic

Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC) or other industry related certification

Additional Technical Requirements

1. Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR application access controls.
2. Good knowledge of basic database query techniques & data mining to analyze data (e.g., Excel, SQL, Quickbase, Business Objects) or other related database functionality.
3. Knowledge of MS Active Directory, UNIX, and Clinical Applications a plus.
4. Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus (PeopleSoft, SAP).
5. Understands different firewall architectures (packet filter, application firewalls, application proxy, and VPN) and brands (Check Point, Cisco).
6. General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security.
7. Some knowledge of security applications such as intrusion detection systems and forensics packages (e.g., EnCase, ArcSight, Foundstone).
8. Understands differences in perimeter and DMZ architectures & experience with industry standards with system architectures including various UNIX and Microsoft Windows server and desktop platforms.
9. Has experience with application layer formats, usage and characteristics (HTTP, FTP, SSH, DNS, SMTP). Has knowledge of system architecture and design.
10. Microsoft, UNIX, Lawson, and Clinical Applications (e.g., Epic).
11. Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project).
12. Experience with risk management frameworks.

Information Security Requirements
1. Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
2. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store CHOP information.
3. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.


All CHOP employees who work in a patient building or who provide patient care are required to receive an annual influenza vaccine unless they are granted a medical or religious exemption.

Children's Hospital of Philadelphia is committed to providing a safe and healthy environment for its patients, family members, visitors and employees. In an effort to achieve this goal, employment at Children's Hospital of Philadelphia, other than for positions with regularly scheduled hours in New Jersey, is contingent upon an attestation that the job applicant does not use tobacco products.

Children's Hospital of Philadelphia is an equal opportunity employer. We do not discriminate on the basis of race, color, gender, gender identity, sexual orientation, age, religion, national or ethnic origin, disability or protected veteran status.

VEVRAA Federal Contractor/Seeking priority referrals for protected veterans.  Please contact our hiring official with any referrals or questions.

CHOP Careers Contact 

Talent Acquisition

2716 South Street, 6th Floor

Philadelphia, PA 19146 



