Under the general direction of the CIO, the Information Security Officer (ISO) is responsible for the development and delivery of a comprehensive information security and privacy program for the company. The scope of this program is company-wide, and includes information in electronic, print and other formats. The purposes of this program include: to assure that information created, acquired or maintained by the organization, and its authorized users, is used in accordance with its intended purpose; to protect company information and its infrastructure from external or internal threats; and to assure that complies with statutory and regulatory requirements regarding information access, security and privacy.
-Compliance and Enforcement
Serve as the compliance officer and work with the HIPAA-Privacy Officer on compliance issues as necessary. Prepare and submit required reports to external agencies.
Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties. Serve as the official contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.
-Risk Assessment and Incident Prevention
Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Act as the CIO’s designee representing WHI on Information Security matters; serve as the contact point for external auditors and agencies, survey requests, etc. on security/privacy matters.
Keep abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to WHI and its mission.
Take part in Disaster Recovery Planning.
We are an equal opportunity employer.
Education: Bachelor’s degree required. Advanced degree preferred.
Experience: Minimum seven years of experience in information security, information technology or a related field. Experience in developing and administering an information security program is desirable. Working knowledge of and experience in the policy and regulatory environment of information security, especially in healthcare, is desirable. Excellent project management, written and oral communication skills desired. Ability to work collaboratively is essential. A demonstrated ability to work with diverse groups of people is required.
Posted By: firstname.lastname@example.org