Oklahoma Mental Health Council, Oklahoma City, OK 73113
Posted 2 weeks ago
SUMMARY
The ISM is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, managing, responding to and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of Red Rock and security best practices. The ISM position requires a working knowledge of information security technologies. The ISM will proactively work with IT staff and other Red Rock departments to implement best practices that meet defined policies and standards for information security. He or she will also oversee and participate in a variety of IT-related risk management activities. A key element of the ISM's role is working with the CIO and Management Team to determine acceptable levels of risk for the organization. The ISM must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as report on ongoing performance. The ISM coordinates with the IT organization's technical activities to recommend, implement and manage security infrastructure, and to provide regular status reports to the CIO. The ideal candidate is a thought leader, a consensus builder, and an integrator of people and processes. While the ISM is the leader of the security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that security is just one of Red Rock's activities. It cannot be undertaken at the expense of Red Rock's ability to deliver on its mission.
The ISM's job is composed of a variety of activities, including tactical, operational and strategic activities, such as:
Strategic support
Security liaison
Architecture/engineering support
Operational support
ESSENTIAL FUNCTIONS AND RESPONSIBILITIES
Manages organization's information security program
Ensures information security strategy is aligned with organizational goals and objectives
Develops and maintains information security policies, procedures and standards
Identifies and manages existing and emerging risks to the organization
Promotes information security awareness within team and across the organization
Assists in the development of organization's disaster recovery plan/business continuity planning
Develop effective disaster recovery policies and standards to align with business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
Work directly with other departments to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout Red Rock on identifying acceptable levels of residual risk
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
Continual monitoring of security policies and technical controls
Assists IT Systems, EMR and Support managers in developing and maintaining security policies and processes
Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements
Monitor and ensure audit trails, system logs and other data sources are reviewed periodically and comply with policies and audit requirements
Assist resource owners and IT staff in understanding and responding to security audit failures and mitigate indications of risks or threats
Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; administer security tools and services such as penetration testing, vulnerability scanning, WAF, data loss prevention, etc.
Works in liaison with IT, Facilities, and Management to ensure projects are deployed securely
Ensures Incident Response Plan/Incident Management Process is followed for security incidents and Plan/Process is reviewed and updated as needed
Manage and coordinate operational components of incident management, including detection, response and reporting, and participate in problem and change management
Ensure timely reporting and adequate participation in investigation for security incidents.
Manage the day-to-day activities of threat and vulnerability monitoring and management; identify risk tolerances, recommend response and remediation plans, and communicate information about residual risk
Monitor the external threat environment for emerging threats, and advise relevant IT staff and stakeholders on the appropriate courses of action.
Serve as organization's HIPAA Security Officer
Responsible for annual HIPAA Risk Assessment and ongoing Risk Management to ensure Red Rock meets HIPAA requirements
Works with CIO and other IT staff to develop and test Disaster Recovery Plan
Assists with other special projects and tasks as required
Cross-trains and assists in other areas of IT as required
Maintains core competencies in relation to working with co-occurring disorders through continuing education and implementing skills into all aspects of treatment
Attends staff meetings, workshops and seminars to learn agency policy, rules, regulations and procedures; participates in ongoing in-service training as well as pertinent external training
Ability to work in pressure situations to meet required deadlines; flexibility in work schedule
Technical writing skills and ability to train all levels of users
QUALIFICATIONS
Relevant Associate or Bachelor's degree preferred
Seven years relevant experience
Technical writing skills
Excellent verbal communication skills
Must be able to manage and schedule multiple projects on an ongoing basis, with the ability to prioritize and to work both as a team member and independently
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Knowledge of healthcare environment preferred
Extensive experience in an Active Directory environment
Extensive experience in a Microsoft 365 Admin/Compliance environment
Extensive experience with EDR software such as SentinelOne, CrowdStrike, Cylance, Carbon Black
Extensive experience with email security solutions such as Mimecast, Proofpoint, Barracuda
Extensive experience with MDR services such as Blackpoint, Arctic Wolf, Red Canary
Certifications for information security professionals (CISM, CISSP, CISA, etc.)
An understanding of operating system internals and network protocols.
Experience in coordinating and managing system technology security testing (vulnerability scanning and penetration testing)
Familiarity with application security testing (white box, black box and code review)
Commitment to the mission of Red Rock BHS
BENEFITS (Full-Time Staff Only)
95% Employer Paid Health Insurance Plan
Dental Insurance
Vision Insurance
Some Positions Qualify for NHSC Student Loan Repayment
403B Retirement Plan with 5% Employer Contribution
Annual Professional Growth Funds
3 Weeks Paid Time-off
Employer Paid Life Insurance and Long Term Disability
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
Red Rock Behavioral Health Services does not discriminate based on race, color, national origin, religion, gender, gender identity, age, marital/familial status, sexual orientation, or disability.