Our West Coast healthcare client is looking for a System Security Manager who will be responsible for overseeing, implementing and managing compliance with the organization’s information security program. This role involves developing and maintaining security policies, procedures, a risk register and security standards to protect sensitive data and ensure compliance with HIPAA and other relevant regulations. This is a direct-hire position, ideally for candidates located in the Pacific Time Zone.
Responsibilities
- Collaborates with the Chief Information Officer (CIO) to develop, implement and maintain a security strategy for the organization that aligns with industry practices and regulatory requirements.
- Conduct regular risk assessments to identify and prioritize potential security threats and vulnerabilities and develop mitigation strategies to address the risks as prioritized.
- Develops information protection policies, including strategies for data loss prevention.
- Maintain the incident response plan to effectively manage and respond to security incidents.
- Serves in an advisory role for legal and privacy teams in matters of policy violations and manages security events; assists with legal matters associated with such violations, as necessary.
- Maintains an inventory of information assets to identify, evaluate and manage risk.
- Ensures organizational compliance in accordance with information security policies, standards and procedures. Manages the exceptions process and documents all exceptions.
- Acts as a focal point for all information security related audit work (internal & external). Coordinates with auditors in the execution of audits. Develops a strategy for handling audits and external assessment processes for relevant regulations.
- Ensure compliance with HIPAA, HITRUST and other relevant regulatory frameworks by conducting regular audits and assessments.
- Develop and maintain security awareness training programs that educate staff, providers, and other system end users on best practices for upholding and complying with our systems security policies and procedures.
- Provides regular reporting on the current status of the information security program to executive leadership.
- Develop and maintain a program of regular vulnerability scanning and patching to identify and address security vulnerabilities.
- Develops a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security program, and reviews it with stakeholders at the executive levels.
- Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management program goals.
- Evaluate and manage vendor security practices to ensure third-party service providers and information services solutions meet the organization’s security requirements.
Requirements
- Education: Bachelor’s Degree required, preferably in computer science or a related field.
- Licensure: Certified Information Systems Security Professional (CISSP) certification is required.
- Experience: Minimum five (5) years’ experience in a similar job role for a mid-to-large organization, preferably in healthcare with a healthcare provider. Demonstrated experience in the deployment and management of IT security technologies such as firewalls, virtual private networks, intrusion detection solutions, secure access, mobile device management and wireless network security. In-depth experience in the following practice areas:
- Familiarity with HIPAA, HITRUST and other relevant regulations. Familiarity with NIST standards.
- Proven track record of developing and implementing successful information security programs.
- Experience with cloud security and cloud-based applications.
- Experience with data privacy, data protection, security compliance audits, and assessments.
Healthcare IT Leaders is a national leader in IT workforce solutions, connecting healthcare provider, payer and life sciences organizations with experienced technology talent for consulting and full-time hiring. For more information, visit us on the web at www.healthcareitleaders.com.
Healthcare IT Leaders provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.