Full Job Description
Protects the confidentiality, integrity and availability of the health system's IT systems and networks. Develops and manages all related security procedures, practices and operations to ensure health system (administrative, technical and physical) safeguards. Develops strategies and plans to provide for all related security functions as appropriate.
Develops and monitors security procedures, practices and policies within all system environments. Maintains standard operating procedures for reviewing the state of security on all platforms and reports on the current state of systems security.
Reviews security features of new systems, ensuring they meet existing security requirements and policies. Reviews proposed changes to existing policy as conditions warrant.
Develops an Information Security Awareness program. Provides security policy and procedure information to health system employees as needed including developing training, seminars and on-line references.
Ensures staff education and awareness of security features.
Ensures adequate security for new information systems and networks. Assists in developing scenarios of usage and tests for abnormalities or exposures. Augments vendor materials including local enhancements and implementations. Documents security subsystems and potential breaches.
Ensures governance and oversight of compliance and regulatory reporting against health system and security control standards (NIST/ISO/PCI/HIPAA).
Integrates HITRUST security framework into assigned areas as needed.
Documents and communicates risk strategies, policies and procedures to management as necessary.
Maintains knowledge of industry standards and best practices involving security, including identification of solutions to mitigate risk.
Performs related duties, as required.
Bachelor’s Degree in Business Administration, Computer Science or related technology field, required.
Minimum of five (5) years of progressively responsible security experience, including management experience, required. Experience in a healthcare environment, HIPAA and HITRUST, preferred.
Certified Information Systems Security Professional certification, preferred.
Strong interpersonal and communications skills and ability to work with all levels of management, required.