Manager, Information Security
Overview
Under the direction of the Chief Information Officer, Information Technology will be responsible for the Information Security Program in partnership with the Chief Compliance Officer and his / her team.
The manager, Information Security will work under the Director, IT Infrastructure and Operations, to carry out the duties that will support the Information Security policies and practices of the organization.
Skills of a Manager, Information Security include but are not limited to : Strong policy and process knowledge including HIPAA, SOX, IT auditing skills, and has the expertise to deal with a variety of technologies and customers.
Professional interaction with all District departments is imperative. This position requires IT competency in information security and security risk assessments in the healthcare industry.
Proficiency in designing and managing security remediation plans is a must and the ability to be hands on when necessary.
Strong technical skills : application and operating system hardware, vulnerability assessments, security audits, TCP / IP, log monitoring, intrusion detection systems, firewalls, etc.
Outstanding communication (oral, written, presentation), interpersonal and consultative skills. Must possess a high degree of integrity and trust along with the ability to work independently and with infrastructure teams.
Demonstrated organization, facilitation, communication, and presentation skills. Excellent documentation skills. Ability to weigh business risks and enforce appropriate information security measures.
Knowledge of information privacy laws and regulations including access and release of information. In-depth knowledge of the HIPAA Security Rules and related state regulations a must.
Demonstrates knowledge and experience with the following tools; Antivirus, intrusion detection / protection software, network access control, provisioning and de-provisioning of users, encryption, SFTP / FTP, security monitoring, data loss prevention, identity and asset management plus data communication.
Experienced in the following technologies : Cisco ASA and Firepower firewalls, Cisco VPN connections / client, Cisco ISE, Security information management (SIM), Threat Detection Management, log correlations, Authentication, RBAC, single sign on technologies, mobile device security protocols.
Responsibilities
Essential Functions :
- Recommend security systems that will provide detection, prevention, containment and deterrence mechanisms to protect and maintain the integrity of healthcare data.
- Manage Information Security program initiatives and staff to support security best practices and meet regulatory requirements.
- Contribute to the development and maintenance of all security related policies and procedures designed to protect the organizations sensitive information from misuse, unauthorized access and loss of integrity
- Ensures the ongoing interaction and flexibility of Information Security with District Business strategies and requirements.
- Ensures that the access control, disaster recovery, business continuity, incident response and risk management needs of the district are properly addressed.
- Responsible for the development, management and reporting of security remediation plans and risk registries to reduce the organizations overall security risk.
- Will attend annual security training classes and / or security certification programs where required.
- Ensure District Information systems are adequately protected and meet or exceed information security best practices and all regulatory requirements of the District.
- Provides security project management, security testing oversight, and risk remediation planning and coordination.
- Implement and maintain a security awareness program to educate all employees by way of email, PowerPoint, phishing tests, flyers or posters on a quarterly basis
- Coordinates internal and external communication, issue resolution, security vendor relationships, testing plans, training plans, and successful transition to additional IT infrastructure teams appropriately.
- Analyze changes in the regulatory area including the Payment Card Standard, Privacy Legislation, SOX, SEC guidance, HIPAA etc.
and provide the District with appropriate action plans for improving business functions.
- Act as internal consultant to District staff to assist in the implementation of such action plans.
- Work with vendors, outside consultants and other third parties to improve District Information Security.
- Participate in the incident response teams to contain, investigate and prevent future computer security breaches. Coordinates quarterly security audits.
Communicates findings to the Director, IT Infrastructure and other leadership as directed.
- Assists in the ongoing maintenance of the department’s business continuity / disaster recovery plan.
- Provides clear and concise statuses and project plans to the Director, Infrastructure and leadership as directed.
- Participates in on-call coverage as defined by IT management.
- Provides the technical leadership for security based projects.
- Emergency duty may be required of the incumbent that includes working in Red Cross shelters or to perform other emergency duties including, but not limited to, responses to threats or disasters, man-made or natural.
Qualifications
Education :
Bachelor’s degree in Information Technology or related field with a concentration in information technology security. Equivalent combination of experience, along with high school diploma or GED, may substitute for minimum education requirements.
Experience :
A minimum five (5) years’ experience in implementing and supporting information security for applications, web architectures, operating systems, databases, and networks in the health care industry.
Certification :
- CompTIA Security+ certification required.
- CEH : Certified Ethical Hacker preferred.
- CISSP Certified Information Systems Security Professional required.
- CISM Certified Information Security Manager preferred.
- Additional Microsoft or Cisco certifications a plus.
Licensure :
Valid Florida Driver’s License required.
Training :
Strong technical skills (application and operating system hardware, vulnerability assessments, security audits, TCP / IP, intrusion detection systems, firewalls, etc.
Knowledge and experience in information privacy laws and regulations including access and release of information. In-depth knowledge of the HIPAA Security Rule and other government technology laws including any corollary state law(s).