Reviews/develops/maintains the company's policies and procedures in accordance with regulatory requirements, company accreditations and best practice/ standards (such as NIST & Hitech) applicable to healthcare information security.
Leads operational risk management activities to enhance the value of the company.
Identifies protection goals, objectives, and metrics consistent with IT strategic plan.
Manages the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Physical protection responsibilities will include asset protection, access control systems, and more. Information protection responsibilities will include network security architecture, network access, and monitoring policies, employee education
Works with senior management and other leaders to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
Oversees incident response planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary.
Works with outside consultants as appropriate for independent security audit.
Oversees ongoing activities, programs, and projects that serve to protect data confidentiality, integrity and availability while providing secure and reliable access by team members, staff, affiliated providers and vendors, to systems and information.
Participates in the planning and design of enterprise security architecture, under the direction of Chief Information Officer and the Chief Technology Officer.
Participates in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of Chief Information Officer and Chief Technology Officer.
Recommends additional security solutions or enhancements to improve overall Enterprise security.
Performs the deployment, integration and initial configuration of all new or enhanced security solutions, in accordance with standard "best" operating procedures, generically and the enterprise's security documents specifically.
Maintains operational configurations of all in-place security solutions as per established baselines.
Monitors all in-place security solutions for efficient and appropriate operations.
Reviews logs and reports of all in-place devices, whether they be under direct control or not. Interprets the implications of that activity and devise plans for appropriate resolution. Conducts investigations into problematic activity
Provides on-call support for end users for all in-place Information Technology solutions.
Monitors proactively, tests, collects and analyzes system security statistical data to improve quality and security of the Network environment.
Provides comprehensive security updates, assessments and action plans to senior leaders.
Works and upholds The Brooklyn Hospital Center's security goals, as established by its stated policies, procedures and guidelines, as well as the Hospital industry's security goals.
Participates and performs other Information Technology related tasks under the direction of the Chief Information Officer and Chief Technology Officer.