Security Director

Sandata Technologies   •  

Port Washington, NY

Less than 5 years

Posted 242 days ago

This job is no longer available.

Sandata is a leading U.S. provider of workforce and operational management solutions and services that enable government agencies, Managed Care Organizations (MCOs), and home care providers to manage and optimize the delivery of home care services. We are currently seeking a hands-on Director of Security to help lead the organization in enhancing its global enterprise physical and logical security programs. The Director of Security, under the direction of the Chief Information Officer is responsible for the development, implementation, maintenance and adherence to the organization’s policies and procedures covering privacy and security in compliance with federal and state laws.  oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and various other groups, and is responsible for identifying and defining security initiatives and standards. Position Description: 

  • Serve as the security and privacy lead, and the point of contact for all security and privacy within the organization and externally.  This Security Director role focuses on all security and privacy matters, including Governance, Risk, and Compliance, Cyber Security, Application Security, Identity and Access Management, Security Operations Management, and Business Continuity and Disaster Recovery
  • Serve as the primary point of contact between the Development teams, Compliance, Infrastructure, Legal, and our Customers to ensure that account activities are in aligned with Corporate Security Standards and Policy as well as client-related security practices, policies, procedures, baselines and guidelines
  • Serve as a subject material expert on the topics of HITRUST, HIPAA Security, Privacy, and other applicable standards, rules, regulations, and best practices as it relates to the Healthcare Industry
  • Ensure all information technology systems, policies and procedures fully comply with applicable privacy and security laws, rules, and regulations, including account specific policy and procedures
  • Enforce best practices for Secure SDLC, promoting whole life cycle security integration
  • Ensure the effective execution, including engaging with external auditors, (and mitigation, if applicable) of annual SecurityRisk assessments and certifications, including SOC1 Type 2, HIPAA and HITRUST assessments. Conduct related ongoing compliance monitoring activities in coordination with CIO and compliance team members
  • Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of ePHI
  • Ensure the effective execution of security and compliance training,
  • Assist in the review of customer RFPs and RFIs and ensure the effective execution of third party security questionnaires
  • Receive, investigate and resolve all privacy and security-related reports, including potential breach incidents

 

Skills/Qualifications:

  • Bachelor’s Degree
  • 5 years of experience in an Information Security role within the Healthcare industry
  • Appropriate security certifications (CISM, CISSP, CRISC)
  • Knowledge and experience in information privacy and security laws
  • Excellent verbal and written skills
  • Expert proficiency with respect to encryption standards, ethical hacking, border protection and penetration testing