DentaQuest Boston, MA 02298
To provide vision and strategic thought leadership for information security maintenance and HIPAA compliance. Will establish governance policies and oversee system for risk mitigation/management and compliance training.
JOB DUTIES AND RESPONSIBILITIES:
Coordinates HIPAA compliance efforts within the organization, with our vendors, and with our customers in order to ensure that Information Systems comply with legal requirements
Manages efforts to control the confidentiality and integrity of data & information used by personnel and stored in systems/databases at DentaQuest
Oversees activities related to SOX compliance across the enterprise
Implements and maintains information privacy policies and procedures alongside legal counsel.
Assesses current information security capabilities, strengths, and weaknesses to assist in definition of the future-state information security model and roadmap.
Performs periodic information privacy risk assessments and monitors compliance regularly
Ensures that the organization acquires or distributes the appropriate authorization forms, consent forms, informational materials, legal notices etc. for customers, vendors, employees and other third parties
Ensures that all employees and vendors are given appropriate training on the following: proper handling of PHI/PII, proper intake of paperwork/forms, rules for network usage, information/data security risks, legal rights, disciplinary/legal actions for misuse of company, customer, vendor, or employee information etc.
Provides leadership for the Information Security team, overseeing day-to-day delivery.
Assists in cross-functional knowledge sharing with other IT departments
Establishes and maintains strong collaborative working relationships with leadership across the enterprise in order to build partnerships and determine the appropriate technology to support business needs and protect confidential data & information.
Maintains a strong level of communication with constituents regarding status of projects, issues or initiatives.
Enhances security by recommending appropriate changes to effect improvements with respect to the present systems and methods and the formulation of new and revised systems.
Develops vendor relationships to facilitate compliance with performance and security expectations and engage in contract management negotiations to facilitate the best performance / pricing / product mix.
Directs the selection and training of staff to meet strategic objectives and guidelines. Promotes and executes development plans which strengthen and broaden staff skill sets critical to their current and future job performance. Recognizes and promotes diversity.
Oversees security awareness and training within the organization as a whole.
Assists in planning for disaster recovery and incident response.
Assists in the execution of audits and assessments performed either internally or by an external third party
Participates in gathering information to support legal or HR investigations
Other duties as assigned.
Thinks and acts strategically. Stays abreast of trends and advances in IT information security solutions and monitors changes in legislation that affect information security. Creates vision for information security and risk mitigation program and establishes business plan, justification and approach to achieve vision. Presents business cases to Senior Management to win acceptance and secure agreement to proceed.
Takes ownership for key initiatives. Coordinates strategies with other members of the IT team and other knowledgeable resources. Develops plans and budgets for implementing the strategies.
Skilled business professional versed in current technology and its applications
Excellent analytical, communications, interpersonal, and business judgment skills
Management experience with extensive management background in the development, implementation and support of information security systems and policies.
10+ years' experience in the successful management, development and/or operations of high volume healthcare/insurance/financial systems in complex environments.
Experience in vendor management, including contract negotiations and contract management.
Master's or other graduate degree in Business Administration, Computer Science, or equivalent work experience.
Security certifications CISM, CISSP, SSAE 16.
PCI compliance experience preferred.
PHYSICAL AND ENVIRONMENTAL CONDITIONS
Ability to work in a traditional professional office setting and operate a personal computer.
Ability to travel as required to support position needs.
Ability to work extended hours, as dictated by various project schedules. May include late nights, weekends and holidays.