INFORMATION SECURITY OFFICER

Eskenazi Health - Indianapolis, IN

Full-time
Division:Eskenazi Health

Sub-Division: Hospital

Req ID: 1254

Schedule: Full Time

Shift: Days

Eskenazi Health is an organization that celebrates diversity, and seeks to employ a diverse workforce. We actively encourage all individuals to apply for employment and to seek advancement opportunities. Eskenazi Health also provides reasonable accommodations to qualified individuals with disabilities as required by law. For additional questions please contact us at: 317-880-3344.

JOB SUMMARY:
The Information Security Officer is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This position works with Eskenazi Health’s leaders to prioritize security needs and related costs according to financial constraints and directives. The Information Security Officer is responsible for enhancing and improving physical security and cyber security by identifying Eskenazi Health’s protection goals and objectives, and ensuring alignment with the organization’s strategic plans.

ESSENTIAL JOB FUNCTIONS:
Builds a strategic and comprehensive information security program that defines, develops, maintains and implements processes that enable consistent, effective information security practices
Develops and implements global policies, procedures, and plans related to: security of computer systems, networks and telecommunications; health information security and privacy compliance; business continuity, risk management, loss and fraud prevention; and emergency and incident response
Works closely with the Privacy Officer to ensure alignment between security and privacy compliance programs; acts as a liaison to the Information Systems and Compliance departments; assists with breach determination and notification processes under HIPAA and applicable state breach rules and requirements
Responsible for initial and ongoing information security risk assessment and analysis, mitigation and remediation; conducts audits to find holes in security platform
Establishes and administers a process for investigating and acting on security incidents which may result in a privacy breach
Identifies and prioritizes security initiatives and standards; addresses privacy, confidentiality and standards administration
Investigates security breaches; develops and directs technical teams in the investigation and resolution of a variety of complex health information privacy and security issues using a systematic approach
Establishes and maintains technical computer and network security systems and protocols
Establishes and maintains administrative computer and network security systems and protocols
Monitors and reviews logs of computer systems and network activities for possible unauthorized intrusion
Oversees, develops and delivers security training to hospital personnel at all levels relative to the privacy and security of health information
Researches and recommends appropriate hardware and software to implement and maintain health information privacy and security
Initiates, facilitates, and promotes activities to foster information security awareness within the organization
Evaluates security trends, evolving threats, risks and vulnerabilities; implements tools to mitigate risk as necessary
Collaborates with senior management, Privacy Officer, and Corporate Compliance officer to establish governance for the security program
Manages security incidents and events involving electronic protected health information (ePHI)
Ensures organization has audit controls in place to monitor activity on electronic systems that contain or use electronic protected health information (ePHI)
Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate; includes but is not limited to logons and logoffs, file accesses, updates, edits and printing
Participates in the development, implementation, and ongoing compliance monitoring of all BA's and business associate agreements, to ensure security concerns, requirements, and responsibilities are addressed
Serves as information security consultant to all departments for all data security related issues

JOB REQUIREMENTS, SKILLS AND KNOWLEDGE REQUIRED THROUGH:
Bachelor’s degree in Information Systems or a related healthcare field required
Certified in Healthcare Privacy and Security (CHPS) certification and/or other healthcare industry related security credentials required
Certified Information Systems Security Specialist (CISSP) certification is preferred
Appropriate certification in risk management and/or health care compliance preferred
Five years progressive experience in health information security management, health information management, information systems and/or health risk management is required

Eskenazi Health offers comprehensive benefits including, tuition reimbursement, retirement plans through OneAmerica, various on-campus dining options, a free fitness gym, free employee wellness programs, sky farm access and more. Come and be a part of our PRIDE values!

Accredited by The Joint Commission and named one of the nation’s 150 best places to work by Becker’s Hospital Review for three consecutive years and Forbes list of best places to work for women, and Forbes list of America’s best midsize employers’ Eskenazi Health’s programs have received national recognition while also offering new health care opportunities to the local community. As the sponsoring hospital for Indianapolis Emergency Medical Services, the city’s primary EMS provider, Eskenazi Health is also home to the first adult Level I trauma center in Indiana, the only verified adult burn center in Indiana, the first community mental health center in Indiana and the Eskenazi Health Center Primary Care – Center of Excellence in Women’s Health, just to name a few.