Purpose of Position
Work with the Director of Information Security to develop ongoing support of information security policies and procedures in order to maintain the confidentiality, integrity, and availability of all organizational healthcare information systems.

Description
1. Responsible for implementing, managing, and enforcing information security directives as mandated by HIPAA and Information Security best practices.
2. Acts as a subject matter expert (SME) for security tools, applications, and processes, including Microsoft Azure and Office365, Trend Micro, DUO, Imprivata, Nessus
3. Evaluate and respond to alerts and events from the security tools, including tuning of tool configuration to minimize false positives, development of event response documentation and processes for Security Operations Center response to follow for event actions, and escalating to appropriate teams for event response
4. Ensure the ongoing integration of information security with business strategies and requirements.
5. Ensure that the access control, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed
6. Lead information security awareness and training initiatives to educate workforce about information risks.
7. Perform ongoing information risk assessments and audits to ensure that the information systems are adequately protected and meet HIPAA certification and other regulatory requirements.
8. Work with outside consultants and other third parties to improve information security within the organization.
9. Lead and incident response team to contain, investigate and prevent future computer security breaches.
10. Work closely with server and network engineers to mitigate risks.
11. Performs other work-related duties as assigned or requested.
12. Consistently provides service excellence to all patients, family members, visitors, volunteers, and co-workers.
13. Challenges current working practices: identifies process improvement opportunities and presents recommendations and solutions to management. Engages and commits to the organization's culture of continuous improvement by actively participating, supporting, and promoting CCHC Pillars of Excellence.

Qualifications
· CISSP (Certified Information Systems Security Professional) certification required
· Similar technical certifications will be considered with a commitment to obtain the CISSP within six months of hire.
· B.S. In an Information Technology related field, training; or equivalent combination of education and experience.
· Five years experience providing security audits, risk assessments and remediation, and penetration testing in a large corporate environment; preferably in a healthcare environment.
· Strong technical skills a must (application and operating system hardening, vulnerability assessments, security audits, intrusion detection systems, firewalls, etc).
· General understanding of Microsoft cloud security.
· Outstanding interpersonal and communication skills.
· Must possess a high degree of integrity and trust along with the ability to work independently.
· Excellent documentation skills.
· Ability to weigh business risks and enforce appropriate information security measures.
· In-depth knowledge of the HIPAA Security Rule and other government technology laws.