Posted February 01, 2019
Illinois Health and Hospital Association

Information Security Officer

Naperville, IL, USA Full Time


Main Function

The Information Security Officer is responsible for the design, oversight, and ongoing management of the information security program, including policies, procedures, technical systems, and workforce training in order to maintain the confidentiality, integrity, and availability of data within all of Company’s Information Systems.


If, in the opinion of the Information Security Officer, information security policies and procedures are not being followed or information security concerns are not being adequately addressed, the Information Security Officer shall convey that information to the most appropriate individual, in his or her opinion, including the Vice President, Information Technology; the Chief Compliance Officer; the General Counsel; or the President/CEO.

   

Outline of Responsibilities

 

The Information Security Officer will:

  

  • Draft, implement, manage, and enforce security policies and procedures related to PHI.

  • Ensure the ongoing integration of information security with business strategies and privacy requirements.

  • Work with Privacy Officer and Vice President, Information Technology for ongoing optimal application of technology functionality to protect regulated data.

  • In concert with Privacy Officer, lead information security awareness and training initiatives to educate workforce about policies, procedures, and information risks.

  • Manage internal and third-party security risk assessment analysis processes and remediation including creation of the risk mediation plan.

  • Manage gap analyses and prioritization of gap closure.  Respond to risk assessments of members and other participants:

    • Identify process improvements

    • Update standard answers to questions posed by participants

    • Review security surveys including SOC Reports from Vendors  

  • Create an information security risk mitigation plan based on risk assessments with input from the Privacy Officer, Vice President, Information Technology and other relevant staff.

  • Perform ongoing security audits to assess effectiveness of policies, procedures, and Information Systems security safeguards.

  • Make recommendations to the Vice President, Information Technology regarding the ongoing integration of information security with business strategies and privacy requirements.

  • Work with vendors, outside consultants, business associates, and other third parties to improve information security practices.

  • Lead the security incident response team in prevention, investigation, mitigation, and reporting activities.

  • Work with Human Resources to ensure appropriate sanctions for violations of information security policies.

  • Develop budgets related to the information security program.  Recommend system enhancements via capital and operating budget planning to keep pace with privacy and security technology advances.

  • Collaborate with VP of Information Technology on the prioritization of information system maintenance activities (whether completed by members of your workforce or vendors).

  • Ensure that vendors comply with contractual obligations related to information security.

  • Support continuity planning. Conduct business impact analysis and manage the remediation of issues identified. Conduct annual disaster recovery testing and adopt a remediation plan.

  • Support plans for emergency mode of operations (including access to regulated information).

  • Support information and information system recovery and resumption of routine practice operation after an emergency. Coordinate the improvement and implementation of the Emergency Mode operation plan. Update Information Technology items in the Emergency Preparedness Plan.

  •  Lead security response team in investigating and developing appropriate responses to complaints and incidents related to information security.  Carry out periodic security risk assessments in conjunction with privacy requirements.

  • Manage the security audit program and coordinate action plans for applicable Company departments when necessary to make improvements.

  • Document and maintain all risk analyses and remediation actions taken by Company to reduce information security risks.

  • Document the processes that lead to regulatory compliance.

  • Document the links between technical solutions and security policies.

  • Manage retention of performance improvement activity documentation for security functions and compliance responsibilities.

  • Coordinate security survey regulatory activities and participate in accreditation surveys with external survey bodies.

  • Maintain current knowledge of federal and state privacy and security laws and regulations and industry best practices (e.g., NIST, ISO).

  • Serve as a security resource to executive management, employees, business associates, and external bodies such as association members and government agencies.

 

Qualifications

Bachelor’s Degree in Information Systems, Computer Science, Health Information Management, or other relevant field. Five years’ experience in information security required, with a strong preference for experience with health information. Security certification required: Certified Information System Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Healthcare Privacy and Security (CHPS), or similar certification. Work experience with federal and state privacy and security laws, regulations, and accreditation standards for maintaining information security and confidentiality preferred. Knowledge of technical infrastructure security components and integrated, computerized rules-based systems a must.

 

Equal Opportunity Employer – race, sex, veteran or disability status, gender identity, sexual orientation

 

We offer a competitive salary with an excellent benefits package. Qualified candidates must apply online:  Click here to apply https://www.team-iha.org/our-a...

 

 

 

 

 

 

This listing expired on Mar 03. Applications are no longer accepted.
