Position Title: Manager, Information Security
Department: Compliance and Audit Services
Full/Part Time: Full-time
The Manager of Information Security is primarily responsible for the auditing of IT systems, assisting in the development and delivery of a comprehensive information security program, and to help ensure the safety and security of Electronic Protected Health Information (ePHI). The scope of this program is enterprise wide and includes information in electronic, print and other formats. The purpose of this program is to assure that the information created, acquired or maintained by its authorized users is used in accordance with its intended purpose; to monitor ePHI and its infrastructure from external or internal threats; and to assure that it complies with statutory and regulatory requirements regarding information access, security, and privacy.
- Performs audit activities for information systems and creates a resultant set of documents
- Assists the Director of Information Security with building a strategic and comprehensive information security program that minimizes risk and ensures integrity, confidentiality and availability of ePHI.
- Assists with the development and implementation of information security policies, standards and procedures. Work with key Information System offices, data custodians and governance groups in the development of such policies.
- Educates workforce members on standards and procedures related to security of ePHI.
- Collaborate with the HIPAA-Privacy Officer on compliance issues as necessary to ensure alignment between security and privacy compliance.
- Assist with the development and implementation of an Incident Reporting and Response system to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
- Evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to mitigate risk as necessary.
- Assist with the development and implementation of an ongoing risk assessment program targeting information security matters; recommend methods for vulnerability detection, remediation, and oversee vulnerability testing.
- Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to its mission.
- Collaborate with Information Technology as needed for Recovery Planning, Business Downtime Planning and other projects as needed.
- Serves as an Information Security consultant to all departments for data security related issues.
- Oversee periodic monitoring and reviewing of audit. This would include but is not limited to logons, file accesses, updates, edits and printing.
- Oversee and audit terminated workforce members systems access.
- Ensure that organization has audit controls to monitor activity on electronic systems that contain or use ePHI.
- Assist in ensuring that the organization is following mandated HIPAA Security Rule requirements for administrative, technical and physical safeguards.
- Other duties as assigned.
MINIMUM EDUCATION & EXPERIENCE
- Bachelor’s degree, required. Advanced degree preferred.
- Minimum five (5) years of experience in information security, information technology or related field.
- Experience in developing and administering an information security program, preferred.
KNOWLEDGE, SKILLS, & ABILITIES
- Excellent project management, written and oral communications skills.
- Ability to work collaboratively with a broad range of constituencies.
- Working knowledge of policy and regulatory environment of information security, especially in medical field.
- Service Excellence – responsive, informs constituents of process, pleasant to work with, educates and provides timely, accurate information
- Presentation – can speak in front of people to deliver necessary material or messaging
- Interpersonal – can build effective, strong working relationships with employees, colleagues, management and vendors through trust, communication, and credibility
- Office environment – office, sitting, computer, walking, lifting etc.