CISO – Healthcare/Mid-west
Join an exciting organization that is experiencing with tremendous growth
The Security Officer is responsible for the organization's Security Program including but not limited to daily operations of the IT security program, oversight of the annual and ongoing risk assessment process, development, implementation, and maintenance of policies and procedures, ensuring the confidentiality, integrity and access of electronic protected health information and of monitoring program compliance as well as investigation and tracking of incidents and breaches and in compliance with federal and state laws.
- Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization. Ensures information security policies, standards, and procedures are up-to-date.
- Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
- Creates a culture of cyber security both with the IT organization and driving behavioral changes for the business.
- Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
- Manages security incidents and events involving electronic protected health information (ePHI)
- Ensure that the disaster recovery, business continuity, risk management and access controls needs of the facility are addressed.
- Ensures the institution/organization complies with the administrative, technical and physical safeguards.
- Collaborates with organization senior management, Privacy Officer, and Corporate Compliance officer to establish governance for the security program.
- Serves in a leadership role for security compliance.
- Works closely with the Privacy Officer to ensure alignment between security and privacy compliance programs including policies, practices and investigations, and acts as a liaison to the information systems and compliance departments.
- Is responsible for initial and periodic information security risk assessment/analysis, mitigation and remediation. Responsible for development and implementation of security risk management plan.
- Ensure organization has audit controls to monitor activity on electronic systems that contain or use electronic protected health information.
- Oversee periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits and printing.
- Ensure the organization has and maintains appropriate system use and disclosure / confidentiality statement.
- Oversees, develops and/or delivers initial and ongoing security training to the workforce. Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities
- Participates in the development, implementation, and ongoing compliance monitoring of all BA's and business associate agreements, to ensure -security concerns, requirements, and responsibilities are addressed.
- Assists Privacy Officer as needed with breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
- Establishes and administers a process for investigating and acting on security incidents which may result in a privacy breach breaches.
- Partners with Human Resources and Privacy Officer to ensure consistent sanctions for security violations
- Maintains current knowledge of applicable federal and state security laws, licensing and certification requirements and accreditation standards.
- Cooperates with the U.S. Department of Health and Human Service's Office for Civil Rights, State regulators and/or other legal entities, and organization on officers in any compliance reviews or investigations.
- Serves as information security consultant to all departments for all data security related issues.
- Baccalaureate degree in information systems or a related healthcare field.
- Knowledge and experience in state and federal information security laws, including but not limited to HIPAA, including NIST, PCI and all other applicable regulations.
- Recommended Security certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry related security credentials.
- Knowledge of HIPAA, state and federal guidelines on security, transactions, and security.
- Extensive familiarity with health care relevant legislation and standards for the protection of health information and patient security.