Principal AI Data Security Engineer

Description

Introduction

Are you passionate about the patient experience? At HCA Healthcare, we are committed to caring for patients with purpose and integrity. We care like family! Jump-start your career as a Principal AI Data Security Engineer today with HCA Healthcare.

Benefits

HCA Healthcare, offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

• Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
• Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
• Free counseling services and resources for emotional, physical and financial wellbeing
  
• 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
  
• Employee Stock Purchase Plan with 10% off HCA Healthcare stock
  
• Family support through fertility and family building benefits with Progyny and adoption assistance.
  
• Referral services for child, elder and pet care, home and auto repair, event planning and more
  
• Consumer discounts through Abenity and Consumer Discounts
  
• Retirement readiness, rollover assistance services and preferred banking partnerships
  
• Education assistance (tuition, student loan, certification support, dependent scholarships)
  
• Colleague recognition program
  
• Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
  
• Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
  

Learn more about Employee Benefits

Note: Eligibility for benefits may vary by location.

Come join our team as a Principal AI Data Security Engineer. We care for our community! Just last year, HCA Healthcare and our colleagues donated $13.8 million dollars to charitable organizations. Apply Today!

Job Summary and Qualifications

Position Summary

We need to enable the company to leverage the power and potential of AI technology while upholding the highest standards of security, trust, and accountability. In this role, you will work closely with our AI/Data product teams to secure HCAs leading edge date products. In this role you will be responsible for implementing vulnerability assessments, security architecture reviews and assisting with development tasks related to remediation planning and execution.

Major Responsibilities:

• Conduct security testing and vulnerability assessments that meet HCA Healthcare data security standards.
• Determine appropriate security controls throughout the lifecycle of digital solutions.
• Develop internal benchmarks and evaluation protocols for AI/Data products, including protocols for LLMs
• Support addressing known security risks.
• Collaborate with internal teams such as legal, privacy, and risk management to accelerate the review and approval process.
• Serve as primary point of contact for DT&I pods for operationalizing threat detection and vulnerability remediation in development pipelines
• Perform threat modeling to identify and mitigate potential security threats.
• Conduct periodic leadership briefings to review security status, trends, and facilitate risk-informed decisions.

Collaboration and Communication

• Build relationships with developers, stakeholders, and product managers to incorporate security principles into engineering design and deployments and promote a positive security culture.
• Collaborate with development teams to ensure secure data product designs and implementations.
• Engage with internal and external teams for vulnerability and penetration testing and participate in security audits and assessments to ensure compliance with organizational standards and policies.
• Serve as a security consultant to define security requirements, advise on secure application and infrastructure design, and identify potential issues
• Collaborate with external stakeholders to share AI security best practices and stay updated on emerging standards.
• Work closely with cross-functional teams, security leadership, and key stakeholders to incorporate security standards into the development lifecycle, evaluate and implement data protection controls, and ensure configurations are aligned with organizational risk posture and compliance requirements.
• Work in tandem with team leads and subject matter experts to ensure configurations are aligned, adopted and implemented.

Security Strategy and Implementation

• Define, prioritize, plan, and implement security features that enable and support HCA Healthcare's transformation strategy.
• Design, implement, and maintain security protocols and policies for our cloud infrastructure and data platforms.
• Specify and validate data masking rules.
• Provide security expertise and support during the development and implementation of new products and services.
• Provide guidance and recommendations for security improvements and incident response planning.
• Oversee security attributes of data catalog, including classifying and tagging data.
• Ensure security checks are included in the data and deployment pipelines.

Security Assessment and Risk Management

• Integrate security scans and checks into CI/CD pipelines to streamline security processes and reduce manual intervention
• Facilitate third-party risk assessments and manage associated risks to protect AI solutions.
• Implement Data/MLOps security monitoring tools to detection potential data breaches and security incidents.
• Manage and test business rules protecting data, as well as the use and handling of data assets.

AI Security

• Implement an AI security framework to provide a secure foundation to support HCA Healthcares digital transformation efforts and reduce the likelihood of a major business impact occurring from AI adoption.
• Operationalize clear, measurable objectives for AI security to streamline the evaluation and approval process, ensure compliance with regulatory requirements, and benchmark against other companies.
• Facilitate security reviews/approvals by measuring against pre-defined standards/criteria.
• Operationalize and refine metrics and key performance indicators (KPIs) to monitor the effectiveness of AI security measures and drive continuous improvement.
• Collaborate with Enterprise Security Architecture and AI/Data Security Delivery Architect to implement a three-year plan to improve AI product and platform privacy and security.

Training and Awareness

• Collaborate with the AI/Data Security Delivery Architect to conduct regular security training and awareness programs for AI development and operational teams to foster a culture of security within the organization.

Documentation and Compliance

• Document security issues, outline remediation options, oversee mitigation, and communicate results in a manner understood by technical and non-technical business units based on risk tolerance and threats to the business.
• Develop and maintain security documentation.
• Ensure data protection measures comply with legal and regulatory requirements and uphold product cybersecurity principles.

Security Innovation and Improvement

• Establish a feedback loop to continuously refine and update requirements based on lessons learned and evolving security landscapes, maintaining alignment with organizational goals and regulatory expectations.
• Recommend controls where there are security gaps and track through to implementation and validation.
• Engage third-party AI delivery and development platforms to integrate secure practices and technologies.
• Stay up to date with cybersecurity threats, risks and vulnerabilities with potential impact to AI products and platforms.
• Communicate and recommend changes to the product ecosystem designed to mitigate security issues.
• Maintain understanding of business processes to aid in managing enterprise data protection.
• Stay current with the latest security trends, technologies, and best practices.

Monitoring and Reporting

• Generate detailed security reports to provide leadership with insights into the security posture of data/AI products and highlight any emerging threats or vulnerabilities.
• In conjunction with Enterprise Security Architecture, provide updates on the progress of AI security initiatives and any roadblocks encountered.
• Establish a centralized dashboard to provide real-time visibility into the security status of data and AI systems across the organization.
• Performs other duties as assigned
• Practices and adheres to the Code of Conduct philosophy and Mission and Value Statement.

Education & Experience:

• Bachelor's degree Required (Bachelor's degree Information Systems Preferred)
• 7+ years of experience in a cyber security or data engineering role Required
• Or equivalent combination of education and/or experience

Licenses, Certifications, & Training:

• CISSP Preferred
• CISA Preferred
• CISM Preferred
• CEH Preferred

Knowledge, Skills, Abilities, Behaviors:

• Service and Quality Excellence: Ability to demonstrate an uncompromising commitment to delivering exceptional care to create an unmatched value proposition for our patients.
• Honor our Mission and Values: Ability to build trust and act with authenticity to cultivate a culture of integrity, inclusion, and mutual respect.
• Effective Decision Making: Ability to make timely, informed decisions that are in the best interest of our patients, employees, providers, community and HCA.
• Attain and Leverage Strategic Relationships: Ability to develop and strengthen collaborative relationships with both internal and external stakeholders to advance the care of our patients and the growth of HCA.
• Lead and Develop Others: Ability to lead others to accomplish organizational goals and objectives; provide meaningful coaching and mentoring to increase the capabilities of individuals and teams and drive employee engagement.
• Communicate with Impact: Ability to deliver information in a clear, concise, and compelling manner to effectively engage others and achieve desired results.
• Achieve Success through Change: Ability to identify opportunities for improvement and innovation, remove barriers and resistance, and enable desired behaviors.
• Drive Execution and Financial Results: Ability to commit to the success and financial wellbeing of HCA by challenging others to excel and hold themselves and others accountable for achieving results.
• Proven experience in cloud security, preferably with Google Cloud.
• Strong understanding of data security, including encryption, identity and access management (IAM), and data privacy regulations.
• Familiarity with MLOps or DataOps tools and practices, including CI/CD pipelines, model monitoring, and version control.
• Knowledge of current academic work in Adversarial attacks of LLMs and Data pipelines.
• Proficiency in programming languages commonly used in ML development (e.g., Python, R).
• Experience with security tools and frameworks relevant to cloud-based data platforms.
• Strong communication skills to effectively liaise with internal stakeholders, including the Information Protection team.
• Ability to work closely with cross-functional teams to design secure and scalable solutions.
• Proven experience as a Security Engineer, DevOps Engineer, Data Engineer or similar role.
• Strong knowledge of data security standards, protocols, and best practices.
• Excellent communication and collaboration skills.
• Ability to work effectively with cross-functional teams.
• Strong problem-solving and analytical skills.
• Relevant certifications such as CISSP, CISM, or CEH are a plus.
• Experience in the healthcare industry.
• Knowledge of regulatory requirements such as HIPAA and HITECH.
• Familiarity with AI Security Frameworks, cloud security, CSPM tools, and DevSecOps practices.

HCA Healthcare has been recognized as one of the World's Most Ethical Companies by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"The great hospitals will always put the patient and the patient's family first, and the really great institutions will provide care with warmth, compassion, and dignity for the individual."- Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder

If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Principal AI Data Security Engineer opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.