Information Security Officer - Sac

Sutter Health, Roseville, CA 95661

Posted 2 months ago

The Information Security Officer (ISO) position requires a leader with strong knowledge of privacy and information security best practices within the healthcare environment. The ISO must possess effective communication and people skills, strong leadership qualities, thorough understanding of security best practices, technologies, and controls, and the ability to translate these discrete concepts into business-friendly terminology. The ISO must also maintain a strong understanding of risk management and governance practices and the use of risk methodologies.

Reporting to the Deputy Chief Information Security Officer (CISO), the Affiliate Information Security Officer (ISO) is responsible for establishing and maintaining the information security program at Sutter Health affiliates, including hands-on execution and day-to-day management of the Affiliate Information Security Program. The ISO is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.

The ISO enables the organization to achieve its mission of providing world-class health care to its communities and proactively works with business units to evaluate, educate, and implement practices that meet defined policies and standards for information security. The ISO effectively works with affiliate and enterprise leadership to determine acceptable levels of risk for the organization and reports on variance. The ISO maintains a deep knowledge about the business environment and ensures ongoing security controls are maintained.

In addition, the ISO advises the appropriate Organizational Unit (OU) DCISO regarding the Information Security Program Strategic Plan and Roadmap, and budget required to maintain the security risk profile as directed by the Sutter Health Board of Directors and senior leadership. The ISO represents Information Security at business executive leadership, steering, governance, and board committees.

As the security leader for the assigned area of responsibility, the ISO fosters a culture of security among the Sutter Health workforce within the affiliates and foundations. In addition, the ISO collaborates with affiliate and foundation executives, Compliance, Legal, Privacy, Human Resources, Sutter Health IS management and staff, and other personnel as appropriate in matters relevant to information security.

Education

Bachelor's degree in Computer Science, Information Security, Business, Management, Information Technology or a related field, or the equivalent as typically acquired through 4 years of experience in the field, is required.

Master's degree in Computer Science (MCS), Information Security (MSIS), Business (MBA), Healthcare Management (MSHCM), or a related field is preferred.

Licensure

Certified Information Systems Security Professional

  • CISSP required.

Certified Information Security Manager

  • CISM preferred.

HealthCare Information Security and Privacy Practitioner

  • HCISPP and other healthcare-focused information security certifications preferred.

Experience

Seasoned leader with a proven track record of leading information security initiatives in a healthcare environment (Required)

A minimum of 8 years' combined experience in IT and information security, three of which must be in information security (Required)

Leadership experience in programs, projects, and initiatives in a clinical provider environment (Required)

Demonstrated success in security program transformation initiatives and the ability to apply creative and customized security solutions for the business (Required)

Experience interpreting and applying industry frameworks such as ISO 27001 and the HIPAA Security and Privacy Rule requirements (Required)

Proven track record of building productive relationships with key business and IT leaders (Required)

Extensive experience managing information security in a complex technical environment consisting of all levels of hardware platforms, WAN/MAN/LAN, Client-Server and Thin Client applications, Intranet/Extranet/Internet and Web (Required)

Solid experience showcasing excellent project management and effective leadership of multidisciplinary teams that successfully defined, developed, and delivered various information security solutions (Required)

Comprehensive management experience demonstrating leadership across all of the major functions of security and technology, and interfacing with business and clinical leaders (Required)

Skills and Knowledge

Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management

Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM, DLP and workstation administration

Knowledge and understanding of relevant legal and regulatory requirements, including participating in audit teams/processes, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use, SSAE 16 SOC 2, and other industry initiatives and regulations

Strong understanding of the business impact of security tools, technologies, and policies

Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications

Broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs

Comprehensive understanding of the compliance and legal requirements for information confidentiality and integrity, especially as they relate to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), HIPAA, HITECH, etc.)

Understanding of and experience with Lean or other process improvement philosophies and methodologies desired

Excellent written and verbal communication skills, including the ability to give presentations and translate complex technical concepts and the digital security viewpoint into business and clinician relatable language

Excellent problem-solving and analytical skills

Strong ability to establish and maintain a high level of customer trust and confidence

Demonstrated ability to work under stress in emergencies, and the flexibility to handle simultaneous high pressure demands

Proven ability to drive through obstacles and deliver computing capability across a broad spectrum of technologies and entities

Strong attention to detail

Ability to prioritize tasks so work is completed in an accurate, timely manner

Advanced level of competency in Microsoft Office Suite, as well as other relevant software for research and analysis

Highly self-motivated and self-directed

Must be creative and personable

Capable of pulling together many disparate facts and observations into one overall plan

Ability to work well in a group setting with a broad range of system experiences

Ability to quickly learn new systems/applications and grasp fundamentals/concepts of systems

Ability to shift gears midstream and move in a different direction when needed

Strong negotiation and vendor relationship skills

Skill in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment

High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity

Ability to interact with all stakeholders and build strong relationships at all levels and across all business units and organizations

Understands business imperatives

Demonstrated comprehension of infrastructure and systems development

Demonstrated ability to develop and report on metrics

Excellent communication, facilitation, writing, and public speaking skills
