IT Security

Source: National Cyber Security – Produced By Gregory Evans

Position Purpose:

The Information Security Manager (ISM) is an integral part of the IT leadership team and oversees daily IT security operations at Renown. The ISM is responsible for the integrity, confidentiality, and availability of Renown Health proprietary data, protected health information and personally identifiable information through the application of information security best practices and concepts. The ISM will improve overall security operational objectives by contributing information and recommendations to strategic plans and reviews; preparing and completing action plans; implementing production, productivity, quality, and customer-service standards; resolving problems; completing audits; identifying trends; determining system improvements; and implementing change.

Nature and Scope:

The Information Security Manager will be responsible and accountable for assisting with:

· Creation and maintenance of various department tools, including work with MS Access and SQL databases.

· Responds to audit action items, which includes providing supporting documentation to auditors, evaluating audit results for relevance/accuracy, and working with teams to remediate audit findings.

· Creating, updating and reviewing department and organization-wide policies and procedures to adhere to industry best practices, laws and organizational requirements.

· Overseeing organization-wide information security training and awareness to ensure employees understand the integral role they play in safeguarding the company’s information assets against unauthorized use and disclosure.

· Responsible for the direct oversight and management of incidents that would be considered a security risk, including system outages, malicious cyber threats and/or any situation where there is a loss of productivity due to system failure.

· Leads the Information Security team in researching, coordinating, investigating, documenting and reporting on the remediation or mitigation of known vulnerabilities and exploits that impact or have the potential to impact the Renown network.

· Assists in the construction of identity and access management procedures and multifactor authentication systems.

· Leads the implementation, maintenance and tuning of a data loss prevention program in order to ensure that data privacy and security comply with company policies and state and federal laws.

· Assists the Security team in vulnerability remediation and penetration testing of the Renown network to future-proof against potential exploits.

· Leads the Security team in discovering and reporting any systems and/or users that are not conforming to the Renown usage policy, and reports the findings to HR.

· Responsible for leading investigations, classifying, documenting, remediating and reporting on security incidents that would be considered a risk to the company, such as cyber threats, system outages, log failures and/or unusual system behaviors.

· Collaboration with third-party security and IT service providers.

· Participation in the IT Solutions Committee and the Privacy and Security Committees.

The Information Security Manager will be accountable for:

· Risk assessments performed on third-party vendors, evaluating them against security best practices and legal requirements to ensure that Renown does not inherit unacceptable risk by doing business with that vendor.

· The Security team's cooperation with team members to effectively analyze and assess any new technologies and/or ideas that would be considered a security risk, and to perform evaluations and give feedback on any recommended or required remediation.

· Assisting with reviewing and validating access, and ensuring required documentation is in place, for new and existing members of Renown, including third-party vendors, before they are granted access to Renown computer systems.

· The review and validation of user access to various systems to identify unauthorized access and ensure the principle of least access privileges is followed.

The incumbent, under general direction of the Chief Information Security Officer (CISO), has the authority to change, determine and/or request the available resources required to ensure the security of the data communications network, and to make decisions and recommendations relative to maintaining a secure networking environment or improving business functionality. Decisions that must be referred to the director include software and hardware acquisitions, personnel management, policy deviations, financial matters, and changes that could adversely impact network security performance and/or integrity.

Also, under the general direction of the CISO, the ISM will lead the design, implementation, and maintenance of an Identity and Access Management System.

The foregoing description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills, and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job.

This position does not provide patient care.

Minimum Qualifications:  Requirements – Required and/or Preferred

Education:

Requires B.S. or B.A. in information technology or related field. Prefer concentration in information security or cybersecurity. Experience may be substituted for education on a year-for-year basis. Must have working-level knowledge of the English language, including reading, writing and speaking English.

Experience:

Requires previous management experience in the areas of information security, network engineering or server administration. Requires expertise with Microsoft Access and Excel and 1 (one) year experience in data analysis. Requires project management experience. A high level of understanding of the NIST framework and compliance processes is strongly preferred.

Certification(s):

Preferred: Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), or Certified Information Systems Auditor (CISA).

Computer / Typing:

Professional:

Must be proficient with Microsoft Office Suite, including Outlook, PowerPoint, Excel and Word and have the ability to use the computer to complete online learning requirements for job-specific competencies, access online forms and policies, complete online benefits enrollment, etc.
