Information Security Manager

Position Summary

This position supports the Medical Faculty Associates ("MFA") including but not limited to assessing potential and actual risk to MFA data, business and IT infrastructures that support its clinical, academic, research, and administrative functions. The position ensures collaborative outcomes with external vendors, affiliates, and partners with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities related to IT governance, risk, and compliance. This role requires hands-on experience to implement, configure, optimize, and maintain various security tools, and partner with team members to architect security solutions on emerging technologies for the organization.

Job Description

• Conduct detailed security and third-party risk assessments to ensure projects and initiatives align with MFA compliance policies, standards, and procedures as well as HIPAA, HITRUST, HITECH and other government and medical agencies regulations
• Recommend remediation strategies including risk-based prioritization of action items and identification of mitigating controls; as well as evaluate, develop, and recommend new information security assessment tools/techniques
• Develop HIPAA-related training and awareness
• Collaborate with key stakeholders to identify, manage, and track risks
• Build and enhance existing security operations capability
• Develop and implement security policies, standards and in line with HIPAA and to ensure enterprise-wide risk mitigation
• Contribute to and develop best practices, strategies, methodologies, and documentation/templates
• Support and coordinate compliance focused units and programs
• Mentor and train team on information security
• Experience in hybrid environments involving hybrid on-premises and public / private cloud as well as numerous vendor specific SaaS solutions
• Participate in 24x7 on call rotation for Information Security
• The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position.

Qualifications

Education

• Bachelor's in computer science or equivalent preferred or related experience.

Certification

• CISSP, SANS certifications, CISA, CISM or Security+ preferred

Experience

• Familiar with HIPAA security rules, NIST cyber security standards, and PCI requirements
• Understands information security best practices and security frameworks
• Experience with enterprise security operations
• Experience with virtual and cloud environment
• Familiar with Electronic Health Record systems, PACS and connected medical devices
• Experienced in hands-on implementation, operation, and maintenance of various security tools
• Ability to complete security assessments and projects independently
• Change and project management experiences preferred

Competencies

Must be able to understand IT hardware, software, network, and technical concepts. Must be able to maintain confidentiality in regard to information processed, stored, or accessed by the systems is required. Must be motivated and a self-starter. Must have excellent verbal and written communication skills, and proficient in writing technical specifications. Must be able to respect different values, and work with people from different cultures and background in a professional manner. Must be able to follow and understand instructions and react favorably in all work situations. Must have strong interpersonal skills, maintain core principles but adaptable and flexible in various situations.