Discover Vanderbilt University Medical Center: Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery, and patient care, VUMC is a community of individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded, and your abilities challenged. Vanderbilt Health is committed to an environment where everyone has the chance to thrive and where your uniqueness is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt’s mission is to advance health and wellness through preeminent programs in patient care, education, and research. Organization: VEC ClinicalCyberRisk Job Summary: This position will conduct application risk assessments crucial to enterprise-wide systems. This position will provide support in security architecture and participate in incident response as dictated. This position will leverage IT risk management tools to determine appropriate measures for risk mitigation as needed. The position will be part of the Clinical Cyber Risk assessment team and is a critical component of processing assessments in a timely fashion and providing enhanced user training for VUMC employees and contractors. . KEY RESPONSIBILITIES • Conducts application focused risk assessments. • Assists application owners with security best practices. • Participates in incident response activities related to systems. • Executes passive and active user training activities. • Monitors systems for suspect behavior. • The responsibilities listed are a general overview of the position and additional duties may be assigned. TECHNICAL CAPABILITIES • Risk Assessment (Novice): Demonstrates familiarity with professional risk assessment processes and understands risk prioritization. Evaluates risks with an eye toward regulatory concerns while staying aware of current attack vectors. Identifies viable mitigation strategies that can be presented to business owners for consideration. Documents risk findings and suggested mitigations in a concise manner that can be clearly communicated to stakeholders. • Regulatory Awareness (Novice): Demonstrates knowledge of healthcare regulations and security best practices. Identifies appropriate sources of governmental and industry guidance. Interprets regulations and guidance to assist application and business stakeholders with compliance and security best practice efforts. • Security Control Knowledge (Novice): Understands and has direct familiarity with common information security technical toolsets (e.g. firewall, SIEM, IPS, vulnerability scanner, etc.). Demonstrates knowledge of non-technical controls (e.g. physical and administrative). Able to effectively communicate with teams directly administering controls to identify suitable responses to identified risks. • User Training (Novice): Conducts formal, ad-hoc, and covert user training activities. Effectively communicates security risks to users of every skill level. Utilizes technical toolsets to aid and report on the training process (e.g. LMS, phishing campaigns, etc.) • Incident Response (Novice): Understands incident response processes and is able to work in a professional manner during an incident. Serves as a liaison between technical and non-technical parties. Has an understanding of the forensic process and is able to identify appropriate skillsets necessary to handle investigative activity. About the Department: Vanderbilt Health - VUMC Enterprise Cybersecurity (VEC) VEC provides information security service solutions for securing all administrative, clinical and research operations for all of Vanderbilt Health, the largest non-government employer in Middle Tennessee. Vanderbilt Health is always growing, with our current environment of 7 hospitals, nearly 40K staff, over 40K workstations, over 160K network connections, and numerous data centers and cloud environments, securing our health system is truly a challenge! To meet the challenge, VEC is led by 2 Vice Presidents and is structured with many dedicated teams, including: Active Vulnerability Assessment, Business Information Security Office, Business Resilience Services, Identity and Directory Services, Policy and Compliance, Security and Architecture Assurance, Security Engineer Services, Security Operations Center, and Threat Detection and Response. VEC also employs state-of-the-art technology and partners with the many IT and operational teams across the enterprise to ensure a partnered, cohesive, and comprehensive approach to information security. Our professional administrative functions include critical supporting roles in information technology and informatics, finance, administration, legal and community affairs, human resources, communications and marketing, development, facilities, and many more. At our growing health system, we support each other and encourage excellence among all who are part of our workforce. High-achieving employees stay at Vanderbilt Health for professional growth, appreciation of benefits, and a sense of community and purpose. Core Accountabilities: Organizational Impact: Executes job responsibilities with the understanding of how output would affect and impact other areas related to own job area/team with occasional guidance. Problem Solving/ Complexity of work: Analyzes moderately complex problems using technical experience and judgment. Breadth of Knowledge: Has expanded knowledge gained through experience within a professional area. Team Interaction: Provides informal guidance and support to team members. Core Capabilities : Supporting Colleagues:- Develops Self and Others: Invests time, energy, and enthusiasm in developing self/others to help improve performance e and gain knowledge in new areas.- Builds and Maintains Relationships: Maintains regular contact with key colleagues and stakeholders using formal and informal opportunities to expand and strengthen relationships.- Communicates Effectively: Recognizes group interactions and modifies one's own communication style to suit different situations and audiences. Delivering Excellent Services:- Serves Others with Compassion: Seeks to understand current and future needs of relevant stakeholders and customizes services to better address them.- Solves Complex Problems: Approaches problems from different angles; Identifies new possibilities to interpret opportunities and develop concrete solutions.- Offers Meaningful Advice and Support: Provides ongoing support and coaching in a constructive manner to increase employees' effectiveness. Ensuring High Quality: - Performs Excellent Work: Engages regularly in formal and informal dialogue about quality; directly addresses quality issues promptly.- Ensures Continuous Improvement: Applies various learning experiences by looking beyond symptoms to uncover underlying causes of problems and identifies ways to resolve them. - Fulfills Safety and Regulatory Requirements: Understands all aspects of providing a safe environment and performs routine safety checks to prevent safety hazards from occurring. Managing Resources Effectively: - Demonstrates Accountability: Demonstrates a sense of ownership, focusing on and driving critical issues to closure.- Stewards Organizational Resources: Applies understanding of the departmental work to effectively manage resources for a department/area.- Makes Data Driven Decisions: Demonstrates strong understanding of the information or data to identify and elevate opportunities. Fostering Innovation:- Generates New Ideas: Proactively identifies new ideas/opportunities from multiple sources or methods to improve processes beyond conventional approaches.- Applies Technology: Demonstrates an enthusiasm for learning new technologies, tools, and procedures to address short-term challenges.- Adapts to Change: Views difficult situations and/or problems as opportunities for improvement; actively embraces change instead of emphasizing negative elements. Position Qualifications: Responsibilities: Certifications: CompTia Security+ - Licensure-Others Work Experience: Relevant Work Experience Experience Level: 2 years Education: Bachelor's Vanderbilt Health is committed to fostering an environment where everyone has the chance to thrive and is committed to the principles of equal opportunity. EOE/Vets/Disabled.

• Document, assess, influence, and synthesize business requirements to develop, enable, and advance data governance and stewardship capabilities • Serve as a dedicated liaison to a community of Business Data Stewards and other stakeholders by providing mentorship and guidance on data governance processes, capabilities, and best practices • Be the expert in the use of, establish standards for, configure, and provide training on data governance technologies with a concentration on the data glossary and catalog tools • Act as technical support to Business Data Owners and Data Stewards • Facilitate and promote usage and adoption of the data governance tools, particularly among business users • Utilize the data quality technology to design and develop rules, mappings, and transformations to measure and improve the quality of data as well as routines and algorithms to identify and match potential duplicate records • Create, deploy, and execute workflows to automate data quality procedures and escalate identified exceptions and defects to Business Data Stewards for remediation • Develop candidate Key Performance Indicators and dashboards to measure the success and ROI of the data governance program with a concentration on the data glossary and catalog • Maintain and promote key data governance deliverables/assets, including data policies, data standards, and data management roles and decision frameworks. • Support design of future state concept of operations through the analysis of business process models and data flow diagrams • Interact with business and technical peers in the evaluation of emerging industry trends and technologies relevant to data management

• Deliver on the vision and roadmap for our HR Data Governance Strategy o Driving metadata management (alignment on definitions, capturing data lineage, capturing data classification, maintaining/updating HR items in data catalogue) • Driving the cultural change agenda; raising awareness regarding data governance principles; coaching relevant stakeholders • Facilitate Data Governance forums and workshops with relevant stakeholders to promote adherence to governance policies. • Develop and implement Data Quality processes to support more proactive resolution of issues. • Support Data Access controls implemented for Global Data Products • Working with the Global Data Governance Director, the Global Data Stewards for HR data, the Data Governance CoE, and leaders in the HR space, to continuously drive our HR Data Governance Strategy • Ensure sustainable delivery of customer value on the agreed Data Governance roadmap • Clear narrative and articulation of Data Governance principles linked to business value-add, communicating these regularly to stakeholders across Data and HR. • Track and report on specific and measurable aligned KPIs and key results, developing metrics to measure maturity and Data Quality • Proactively identify and escalate risks and mitigation plans, along with key decisions, to relevant stakeholders • Support and align with the Data Governance community (Data Governance Directors, and Data Stewards) to ensure alignment and best practice sharing

• Protect our community by reviewing and making exceptional decisions for platform exemptions to maintain trust and safety across Airbnb • Own incident resolution of risky pay-in procedures from escalation to closure, ensuring swift and thorough case management that protects our hosts and guests • Navigate complex operational issues by partnering with Legal, Public Affairs, and other teams to respond to regulatory inquiries related to fraud and criminal activities • Tell the story through data by drafting business requirements and concept briefs that highlight key operational needs for platform development