Information Security Officer
Main Function
The Information Security Officer is responsible for the design, oversight, and ongoing management of the information security program, including policies, procedures, technical systems, and workforce training in order to maintain the confidentiality, integrity, and availability of data within all of Company’s Information Systems.
If, in the opinion of the Information Security Officer, information security policies and procedures are not being followed or information security concerns are not being adequately addressed, the Information Security Officer shall convey that information to the most appropriate individual, in his or her opinion, including the Vice President, Information Technology; the Chief Compliance Officer; the General Counsel; or the President/CEO.
Outline of Responsibilities
The Information Security Officer will:
Draft, implement, manage, and enforce security policies and procedures related to PHI.
Ensure the ongoing integration of information security with business strategies and privacy requirements.
Work with Privacy Officer and Vice President, Information Technology for ongoing optimal application of technology functionality to protect regulated data.
In concert with Privacy Officer, lead information security awareness and training initiatives to educate workforce about policies, procedures, and information risks.
Manage internal and third-party security risk assessment analysis processes and remediation, including creation of the risk mediation plan.
Manage gap analyses and prioritization of gap closure. Respond to risk assessments of members and other participants:
Identify process improvements
Update standard answers to questions posed by participants
Review security surveys including SOC Reports from Vendors
Create an information security risk mitigation plan based on risk assessments with input from the Privacy Officer, Vice President, Information Technology and other relevant staff.
Perform ongoing security audits to assess effectiveness of policies, procedures, and Information Systems security safeguards.
Make recommendations to the Vice President, Information Technology regarding the ongoing integration of information security with business strategies and privacy requirements.
Work with vendors, outside consultants, business associates, and other third parties to improve information security practices.
Lead the security incident response team in prevention, investigation, mitigation, and reporting activities.
Work with Human Resources to ensure appropriate sanctions for violations of information security policies.
Develop budgets related to the information security program. Recommend system enhancements via capital and operating budget planning to keep pace with privacy and security technology advances.
Collaborate with VP of Information Technology on the prioritization of information system maintenance activities (whether completed by members of your workforce or vendors).
Ensure that vendors comply with contractual obligations related to information security.
Support continuity planning. Conduct business impact analysis and manage the remediation of issues identified. Conduct annual disaster recovery testing and adopt a remediation plan.
Support plans for emergency mode of operations (including access to regulated information).
Support information and information system recovery and resumption of routine practice operation after an emergency. Coordinate the improvement and implementation of the Emergency Mode operation plan. Update Information Technology items in the Emergency Preparedness Plan.
Lead security response team in investigating and developing appropriate responses to complaints and incidents related to information security. Carry out periodic security risk assessments in conjunction with privacy requirements.
Manage the security audit program and coordinate action plans for applicable Company departments when necessary to make improvements.
Document and maintain all risk analyses and remediation actions taken by Company to reduce information security risks.
Document the processes that lead to regulatory compliance.
Document the links between technical solutions and security policies.
Manage retention of performance improvement activity documentation for security functions and compliance responsibilities.
Coordinate security survey regulatory activities and participate in accreditation surveys with external survey bodies.
Maintain current knowledge of federal and state privacy and security laws and regulations and industry best practices (e.g., NIST, ISO).
Serve as a security resource to executive management, employees, business associates, and external bodies such as association members and government agencies.
Qualifications
Bachelor’s Degree in Information Systems, Computer Science, Health Information Management, or other relevant field. Five years’ experience in information security required, with a strong preference for experience with health information. Security certification required: Certified Information System Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Healthcare Privacy and Security (CHPS), or similar certification. Work experience with federal and state privacy and security laws, regulations, and accreditation standards for maintaining information security and confidentiality preferred. Knowledge of technical infrastructure security components and integrated, computerized rules-based systems a must.
Equal Opportunity Employer – race, sex, veteran or disability status, gender identity, sexual orientation
We offer a competitive salary with an excellent benefits package. Qualified candidates must apply online: Click here to apply https://www.team-iha.org/our-a...