Healthcare Information Security Director

Full Time
Dalton, GA 30720
Job description

JOB SUMMARY
Responsible for strategic:

  • Planning, implementation, and management of information security of the Hamilton Health Care System strategic business plan
  • Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.
  • Participate as a member in governance processes of the organization's security strategies.
  • Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders.
  • Identify protection goals, objectives, and metrics consistent with corporate strategic plan;
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
  • Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
  • Information security planning including JCAHO and departmental budgeting
  • Development assistance and execution of request for proposals, system selections, and contracts
  • Creation and successful implementation of Service Excellence and Heart of Hamilton methodologies to produce measurable results
  • Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
  • Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.

*Responsible for on-going operations consisting of*

  • Management of Information Security associates
  • Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
  • Work closely with the Information Services department on corporate technology development to fully secure information, computer, network, and processing systems.
  • Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
  • Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.
  • Recommend and implement changes in security policies and practices in accordance with changes in local or federal law.
  • Creatively and independently provide resolution to security problems in a cost-effective manner.
  • Assess and communicate security risks associated with any purchases or practices performed by the company.
  • Collaborate with IT leadership, privacy officer, and HR to establish and maintain a system for ensuring that security and privacy policies are met.
  • Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies
  • Coordinate a system risk assessment at least annually to comply with HIPAA, regulatory agencies, incentive payment programs, and others. Report findings.
  • Maintain a risk assessment database that includes identified risk from assessment data. Maintain the current responses to such known and identified risk in the database.
  • Coordinate various forms of penetration tests to the system network from various perspectives (physical, internal, external, and Internet presence) at least quarterly and report findings.
  • Provide technical and functional expertise to the staff.
  • Contribute to the collaboration of Information Security with Clinical Informatics, Telecommunications, and Clinical Equipment Services Departments.
  • Maintaining excellent associate satisfaction in comparison to historic survey results.
  • Maintain an open environment where associates feel appreciated, respected, and results oriented.
  • Fosters a departmental environment of innovation with continual efforts toward innovative problem solving and entrepreneurial solution development.
  • Reports at least annually to the Compliance Committee and other meetings as requested on the current state of information security and the organization's preparedness against common threats.
  • Works with Financial Services in the application of cyber security insurance. Assures compliance with insurance underwriter performance criteria necessary to maintain insurance coverage.
  • Reports at least quarterly to the CIO on the organization's cyber security best practices and our adherence to those established norms.

*JOB QUALIFICATIONS*
Education: Undergraduate degree in Information Systems or related field required; Master's in Information Security work preferred.
Licensure: CISA, CCSP, ECH, CISSP, or CISM preferred.
Experience: A minimum of two years of hospital information management in a dynamic and service oriented organization;
A minimum of six years of business and systems planning; ideally in multiple industries
A minimum of five years of health care Information Services operations, system selection, installation, and project management experience including the selection and installation of health care and other information systems:
Hamilton Medical Center (HMC) would accept an equivalent combination of education and experience providing the candidate possesses the knowledge and abilities required by the position.
Skills: Leadership ability that effectively integrates management, technical and interpersonal skills;
Vision/imagination that allows for the effective exploration and utilization of information security to meet business objectives;
Business acumen required to identify, analyze and effectively present the financial impact of information security and information privacy;
The ability to communicate effectively with all levels of management, the Medical Staff and the Boards;
A technical and functional understanding of hospital and related information systems that will allow credibility in the eyes of hospital and HHCS management, end users, Information Security associates, consultants and vendors;
Ability to work with and utilize to the best advantage the Hamilton Health Care System representatives of various vendors and consultants;
A mature individual with a strong sense of organization and the ability to develop long range plans while maintaining control over current projects;
The ability to recruit, train, motivate, and develop associates to achieve minimum turnover rate.

  • A knowledge of computer networking concepts and protocols and network security methodologies.
  • A knowledge of cyber threats and vulnerabilities.
  • A knowledge of risk management processes.
  • Experience in identifying gaps in existing architectures.
  • Experience in designing security architectures to mitigate threats.
  • Knowledge of computer networking concepts and protocols (e.g. TCP/IP, DNS) and network security methodologies.
  • Knowledge of network access, identity, and access management (e.g. public key infrastructure, OAuth, OpenID, SAML, SPML).
  • Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware.
  • Knowledge of remote access technology concepts.
  • Knowledge of application firewall concepts and functions (e.g. single point of authentication enforcement, data anonymization, DLP scanning, SSL security).
  • Work experience in cybersecurity designs for systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data.
  • Knowledge of risk management processes and experience in conducting risk assessments.
  • Familiarity with the application of privacy principles to organizational requirements.
  • Knowledge of information security regulations, and specifically those that pertain to health data and protected health information. Knowledge extends to applicable laws such as HIPAA, PCI, and HITECH.
  • Knowledge of identity and access management methods.
  • Experience with Windows, Unix, and Linux operating systems.
  • Knowledge of business continuity and disaster recovery operation plans.
  • Ability to set and manage priorities judiciously.
  • Excellent written and oral communication skills.
  • Excellent interpersonal skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Exceptionally self-motivated and directed.
  • Keen attention to detail.
  • Superior analytical, evaluative, and problem-solving abilities.
  • Exceptional service orientation.
  • Ability to motivate in a team-oriented, collaborative environment

*PHYSICAL, MENTAL, ENVIRONMENTAL AND WORKING CONDITIONS*
Typical office/information systems environment, subject to frequent interruptions and heavy deadline requirements. The associate frequently is working with sensitive and confidential patient and business information.
The individual must be able to

  • maintain control;
  • effectively establish and update priorities and exercise accurate judgement during high stress and peak workload periods;
  • demonstrate strong analytical and problem-solving skills capable of managing projects that drive business objectives;
  • communicate effectively with management, the medical staff, members of the Boards, associates, system users, consultants and vendors in order to complete their responsibilities;
  • maintain a flexible schedule required in order to accommodate on-call and other responsibilities.

Location: PO BOX 1168, Georgia

Job Type: Full-time

Schedule:

  • 8 hour shift
  • Monday to Friday

Education:

  • Bachelor's (Preferred)

Experience:

  • business and systems planning: 6 years (Preferred)
  • health care Information Services operations: 5 years (Required)

License/Certification:

  • CISA, CCSP, ECH, CISSP, or CISM certification(s) (Preferred)

Work Location: Hybrid remote in Dalton, GA 30720
