IT Compliance/Cyber Security Administrator

DETAILED JOB DESSCRIPTION:

• Works with legal counsel and management, key departments, and committees to ensure the organization establishes, maintains, and, where appropriate, provides appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization privacy-related practices and requirements.
• Establishes and administers a process for receiving, documenting, tracking, investigating, and acting on all complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary
• Initiates, facilitates, and promotes activities to foster information privacy awareness within the organization and related entities.
• Coordinates privacy safeguards with security officer to ensure consistency in development, documentation, and training for security and privacy requirements. Serve as the organization's resource to regulatory and accrediting bodies for matters relating to privacy and security.
• Supports any audits concerning state or federal privacy laws or regulations.
• Develops and presents to management on an annual basis a report on privacy-related issues and compliance for the organization in the past 12 months.
• Develops a security training program. Ensures the security training program supports both the privacy training program and information security program.
• As part of the organization information security program, collaborates with the Privacy Officer to develop and implement security policies, procedures, and guidelines necessary to direct and carry out the objectives of the organization information security program; research and recommend new security measures for implementation; and monitor and test the security practices employed for effectiveness.
• Collaborates with the Privacy Officer to ensure that the following policies and procedures are in place; security policies and procedures; baselines security safeguards, risk assessment; security risk management; security administration; security of the computer network; security of computing assets; physical security; disaster recovery plan; third party service provider security due diligence and monitoring.
• Maintains documentation regarding levels of access granted to each information system user in the organization and reviews these levels of access periodically and when the status of the workforce member changes - controlling access, as appropriate.
• In coordination with legal counsel and outside vendors, as appropriate, investigates, responds to, and remediates security incidents. Coordinates with the Privacy officer as outlined in Incident Response Plan.
• Oversees third parties who perform technical system maintenance activities in the organization and works with legal counsel to ensure that such third parties comply with appropriate security practices to comply with organization information security program,
• Develops and presents to management on an annual basis a report on security-related issues and compliance for the organization in the past 12 months.