Search Page | Back to Results

IT Security and Risk Manager

Job Purpose
The IT Security and Risk Manager is responsible for designing, planning, developing, implementing, maintaining, supporting and documenting all Company information security-focused tools, services, applications, and methodologies. The position will work closely with Quality Assurance, Risk Management & Information Technology to define the security direction for the Company, including systems, networks, user services, and vendor development efforts, and to develop and interpret information security policies and procedures.

Duties and Responsibilities
• Assists in the planning and implementation of additions, deletions and major modifications to the corporate IT infrastructure
• Responsible for the planning, implementation, and program modifications of the Company’s physical and network security programs.
• Acts as the Company’s HIPAA Security Officer responsible for all HIPAA Security Policies and Procedures
• Develops, completes, and updates Information Security Risk Assessments, and identifies security and safety risks
• Coordinates with other departments to respond to requests for access to protected health information, restriction of release of protected health information, and third-party vendor contracts, as well as periodic audits of above
• Develops and updates the Incident Response Plans, as well as documents, investigates, and responds to privacy and security incidents
• Utilizes in-depth technical knowledge and business requirements to design and implement solutions and training to meet organization’s needs
• Develops, implements, and monitors security standards, procedures, and guidelines for multiple platforms
• Maintains organization's effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information technologies
• Researches and recommends technology to meet organizational goals, strategies, practices, and user projects
• Completes projects by coordinating resources and timetables with user departments and data center
• Audits information systems, platforms, and operating procedures in accordance with established corporate standards
• Evaluates IT infrastructure in terms of risk to the organization and establishes controls to mitigate loss
• Determines and recommends improvements in current risk management controls and implementation of system changes or upgrades
• Ensures that Company assets are maintained responsibly
• Develops, implements, and manages the overall enterprise process for security strategy and associated architecture and engineering standards
• Prioritizes security initiatives and spending based on appropriate risk management and/or financial methodology
• Regularly reports incidents, updates, and recommendations to the Executive Management Team, IT Steering Committee (as appropriate), and the Board of Directors, as requested
• Manages the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security
• Responsible for Company’s physical security as it relates to crisis management, in the preparation for or in the event of potential security risks.
• Reviews Information Technology contracts and vendor agreements, in order to work with legal counsel (as appropriate) in order to make recommendations to Supervisors
• Participates in scheduled audits and exams, and acts as a liaison with local, state, and regulatory agencies
• Regular and predictable attendance
• Consistently demonstrates compliance with HIPAA regulations, professional conduct, and ethical practice
• Maintains work area in a clean and orderly condition and ensures safe operating conditions within area of responsibility
• Works to encourage and promote Company culture throughout the organization
• Other duties as may be assigned

Qualifications
• Bachelor’s Degree in area of specialty
• Five or more years’ experience in Network/System Administration
• Healthcare industry experience preferred
• Knowledge of HIPAA Security Rule, and familiarity of HITRUST CSF required
• Risk management experience with proven ability to effectively apply risk principles to challenging business situations
• Strong negotiation skills

Competencies
• Ethics - Honest, accountable, maintains confidentiality
• Reliability - The extent to which the employee can be depended upon to be available for work, do it properly, and complete it on time. The degree to which the employee is reliable, trustworthy, and persistent.
• Sense of Urgency - Meets deadlines, establishes appropriate priority, gets the job done in a timely manner
• Communication Skills - Possesses effective communication skills: oral, written, listening
• Conflict Management - Good listener, committed to finding solution to problems, works well with difficult people
• Initiative - Takes action, seeks new opportunities, strives to see projects to completion
• Internal Controls - Knowledge of and ability to create, implement, evaluate and enhance internal control processes
• Job Knowledge - Knowledge of products, policies and procedures; OR knowledge of techniques, skills, equipment, procedures, and materials
• Planning & Organizing - Displays ability to effectively plan, organize and implement applicable tasks or projects in relation to established goals and objectives
• Problem Solving & Decision Making - Displays ability to define a problem, develops workable and realistic alternatives, and selects appropriate alternative to resolve problem. Decisions made are generally correct, and the time taken to make such decisions is reasonable.

Physical, Mental, Environmental & Working Conditions
Moderate amount of walking, sitting, and writing. Moderate to significant amount of stress in meeting deadlines and dealing with day-to-day events in the execution of job duties. Needs flexibility and adaptability to change. Candidate must be self-disciplined and a self-starter and able to work independently with a flexible work schedule. Must be able to drive a vehicle and daytime/overnight travel as required.

Time:  Full time
Salary:  Salary
Category:  Information technology

Updated: 4/22/2021 9:18:30 AM