The responsibilities also include assisting in the development of technical standards, standard operating procedures and other related governance pertinent to IT operations. This position works closely with IT operations staff (US and international) and may also interact with Finance, Operations, Sales, Compliance, Legal, Quality Assurance, Human Resources and other areas to ensure that company information assets are protected as required by regulatory compliance at all levels: federal, state and corporate.
Strong expertise and experience in implementing and managing the technical security safeguards required by HIPAA/HITECH, PCI-DSS and the Sarbanes-Oxley Act is required, as is responsibility for oversight of securing configurations on operating environments, including networks, routers/firewalls, workstations and mobile devices. Duties will include collaboration with DBAs and web programmers on data encryption and secure programming strategies.
What will your duties and responsibilities be?
Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.
- Work with IT leadership and business units to establish an IT security and risk management program to identify information assets and the threats and vulnerabilities against those information assets
- Work with IT leadership and business units to establish an integrated IT GRC program that mitigates the risks of information assets and returns value to the company
- Serve as backup to the Information Security Officer when he/she is unavailable
- Provide technical leadership in the definition, creation and implementation of information security strategies, including development of governance (policies, standards, procedures and related controls) to achieve compliance with regulations, and monitoring company IT operations
- Collaborate with DBAs & web developers for data encryption and secure development strategies
- Provide oversight for securing configurations on IT operating environments, including networks, routers/firewalls, workstations and mobile devices
- Work with external agents (consultants, auditors, vendors) as needed to achieve goals
- Assist IT management when responses to audit opinions are required
- For audit opinions requiring mitigating actions, work with IT and the business units to develop and document new preventative, detective and corrective controls
- Monitor compliance with the policies and standards, especially the technical standards
- Perform project management as needed
- Provide effective communication to business leaders and end users as needed
- Maintain professional certifications and achieve at least 40 annual CPEs or equivalent
- Train company staff in security matters as needed, from end users to leadership positions
- Encourage an environment of compliance, innovation and closure on projects
- Participate in any information security related activity as directed
- Regular attendance required
- Perform related duties as required.
What skills will you need?
- Bachelor’s degree in computer science, information technology, management information systems, mathematics or related field or related work experience
- Professional certification(s) such as Security+, CISSP or another technical security area; professional certification in IT security management is desirable
- 10+ years of IT experience with 3+ years of experience in the Healthcare field
- 5+ years of field-level, hands-on experience configuring and managing servers and networks, including firewalls, routers, client machines and mobile devices
- 3+ years of regulatory compliance experience in HIPAA/HITECH, Sarbanes-Oxley, PCI-DSS or another auditable area, including performing and/or facilitating assessments
- Experience in mitigating risks and adverse events on web-facing applications, servers, client machines and mobile devices
- Experience in developing or maintaining privacy and security governance programs (policies, technical standards, IT procedures) to provide HIPAA- and SOX-related controls
- Experience remediating audit issues, including developing compensating controls
- Experience in developing or acquiring tools for compensating controls to manage audit risks
- Experience in managing and directing IT staff and vendors, including contractors/consultants
- Demonstrated leadership and communication skills that build strong rapport and effective working teams for diverse projects involving technical and non-technical staff
- Demonstrated ability to develop and present business and technical information to diverse audiences, ranging from entry-level technical and business staff to mid-management
- Advanced problem-solving skills
- Adaptability for learning new business concepts within new environments and staff situations
- Ability to lead technical staff on projects, especially security-related ones
- Other IT security duties as assigned
NONESSENTIAL SKILLS, EXPERIENCE AND QUALIFICATIONS (not necessary but preferred):
- Close collaboration with all IT Managers and their staff is required.