Information Security Specialist (49108)

About The Position

Requirements

• Must be honest and ethical, verifiable through character references.
• Must have the demonstrated ability to exercise good judgment and discretion.
• Must have adequate verbal and written communication skills, including effectively explaining complex technical concepts and issues to non-technical and business audiences.
• Must have demonstrated proficiency with applicable technologies, including operating systems, network infrastructure, security monitoring tools, and Microsoft Office applications.
• Must learn quickly in a highly technical and continually changing environment.
• Must be able to balance the needs of many concurrent projects and work effectively with cross-functional teams.
• Must be able to respond as needed to crisis or emergency situations efficiently and effectively.
• Must have the ability to work independently as well as collaboratively with others in a manner that is pleasant and professional.
• Must be willing to seek out opportunities and contribute ideas and efforts toward constantly improving WestCare services and processes.
• Must have a professional appearance and demeanor.
• Must have a valid driver’s license, a clean motor vehicle record, and carry applicable insurance as required by state law.
• Must have the willingness to travel to other WestCare facilities when necessary.
• Must have the willingness to be cross trained in other functions of the Information Technology department, including, but not limited to, help desk, field support, and application support.
• Associate degree or equivalent certification and experience, preferably in information technology, information security, or a related field.
• A minimum of one year of relevant experience, preferably in the healthcare sector.
• The willingness to pursue relevant IT and security-related training and certifications.

Responsibilities

• Works with the Director of Information Security and Chief Information Officer (CIO) to build a team-oriented environment that promotes dependability and fairness and rewards collaboration, information sharing, tolerance, and open-mindedness.
• Ensures that WestCare’s information security program complies with relevant laws/regulations (HIPPA, 42 CFR Part 2, Red Flags Rule, various state data protection laws, etc.), accreditation standards (The Joint Commission and CARF) and internal policies and standards.
• Adheres to all WestCare’s policies, plans, standards, and procedures and helps enforce those related to information security, vendor risk management, business continuity, and record retention and management.
• Manages, monitors, and enhances the controls for a strategic, comprehensive information security program.
• Evaluates staff submissions of suspicious emails, determines containment or escalation steps, and communicates outcomes and lessons learned.
• Designs and delivers phishing simulations, awareness surveys, and role-based security training, using results to drive measurable improvement in organizational security posture.
• Develops, updates, distributes, and presents security awareness materials and communications tailored to technical and non-technical audiences.
• Performs information security facility reviews and track issues until resolved.
• Mentors and trains members of the Security Champions program.
• Develops, updates, distributes, and presents security training and awareness materials.
• Monitoring various information security systems, including those for asset inventory, data loss prevention, endpoint protection, security incident & event management, and vulnerability management.
• Analyzing data from various information security systems and reports findings when appropriate.
• Performing forensics investigations and associated tracking related to information security concerns and incidents. When necessary, assisting with the implementation of relevant incident response plans and emergency procedures.
• Performing access control reviews, configuration management reviews, security risk assessments, and vulnerability assessments.
• Monitoring threat intelligence and other industry information sources. Alerting the IT Department and/or management when necessary and appropriate.
• Remains knowledgeable of trends and developments in information security through ongoing training and professional development.
• Acts as a WestCare representative and liaison with external partners/collaborators.
• Embraces/embodies the mission, vision, guiding principles, and goals of WestCare.
• Performs other relevant duties as assigned.