Supervisor IT Support

About The Position

Requirements

• Bachelor’s Degree required or in lieu of bachelor’s degree, Associate’s degree preferably in computer sciences, risk management, information assurance, or related field with a minimum of ten (10) years’ relevant work experience.
• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) certification is required.
• Five (5) years’ experience in a similar job role for a mid to large organization, preferably in healthcare with a healthcare provider.
• In-depth experience in the following practice areas: Familiarity with HIPAA, HITRUST and other relevant regulations.
• Familiarity with NIST standards.
• Proven track record of developing and implementing successful information security programs
• Cybersecurity risk management
• Experience with data privacy and protection.
• Experience with security compliance audits and assessments.

Responsibilities

• Overseeing, implementing and managing compliance with the organization’s information security program.
• Developing and maintaining security policies, procedures, risk register, and security standards to protect sensitive data and ensure compliance with HIPAA and other relevant regulations and selected security standards.
• Conducting training, and managing security controls for the organization.
• Collaborating with the Director, Information Technology and stakeholders to develop, implement, and maintain, security process for the organization that aligns with chosen industry practices and regulatory requirements.
• Managing appropriate governance, risk, and compliance (GRC) activities to maintain and improve cybersecurity posture.
• Conducting regular risk assessments to identify and prioritize potential security threats and vulnerabilities and develop mitigation strategies to address the risks as prioritized.
• Developing and implements cybersecurity controls that are aligned with policy.
• Maintaining the incident response plan to effectively manage and respond to security incidents.
• Serving an advisory role for legal and privacy teams in matters of policy violations and manage security events; assist with legal matters associated with such violations as necessary.
• Ensuring organizational compliance in accordance with information security policies, standards and procedures.
• Managing the exceptions process and documents all exceptions.
• Acting as a Focal point for all information security related audit work (internal & external).
• Coordinating with auditors in the execution of audits.
• Developing a strategy for handling audits and external assessment processes for relevant regulations.
• Ensuring compliance with HIPAA, HITRUST and other relevant regulatory frameworks by conducting regular audits and assessments.
• Assessing information systems under consideration for procurement for cyber risk.
• Developing and maintaining security awareness training programs for staff, providers, and other system end users to best practices for upholding and complying with our systems security policies, procedures and best practices.
• Collecting data and provides regular reporting on the current status of the information security program metrics to management and executive leadership.
• Developing and maintain a program to ensure that processes and controls related to patch management are observed and reported.
• Tracking metrics and reporting for established framework to measure the efficiency and effectiveness of the security program.
• Working collaboratively to increase the maturity of the information security program, and review risks with stakeholders at multiple organizational levels.
• Tracking vendor security practices to ensure third-party service providers and information services solutions meet the organization’s security requirements.
• Performing other duties as assigned.