Information Security Project Manager
The Information Security Project Manager is responsible for ensuring information systems architecture, configuration, use, and functionality are compliant with regulations (e.g., HIPAA) and industry best practice to safeguard protected health information (PHI) and the integrity of information assets. He or she ensures activities and functions of information systems reflect policies and procedures, federal and state laws, and industry standards. The role is also responsible for ensuring disaster recovery and business continuity plans are in place for information assets. This leader assumes a primary role in incident response and vulnerability management.
• This position manages the information security risks and directs IT resources in the management of risk analysis, remediation or acceptance. He or she will manage security risk remediation projects including deployment of new technologies, adoption of new procedures, and ongoing monitoring efforts. This includes management of ongoing security awareness training and security incident response.
• The Information Security Project Manager serves as the subject matter expert for information security administrative and technical controls, and as such, serves as a resource to the CIO and other departmental leaders. He or she will make technology and process recommendations to the organization to ensure best practice.
• Develops and maintains the Information Security program through establishment of information security governance, policies, technology framework, best practices in IT, and staff education and certification.
• Coordinates execution of security assessments, health checks and security enhancements.
• Develops, implements, and maintains information privacy and security policies, procedures, and guidelines through ongoing review and authorship.
• Performs periodic information privacy and security risk assessments while developing risk mitigation plans.
• Evaluates, recommends, and implements systems for detection and prevention of information privacy and security breaches.
• Oversees and continually improves information security awareness training program.
• Evaluates all new systems for compliance with information privacy and security policies and procedures, federal and state laws, and industry standards through a risk assessment process.
• Works with IT and non-IT staff on security program initiatives and resolves security-related issues. Provides leadership of projects and technical implementations.
• Directs penetration tests, vulnerability scans and the vulnerability management program. Creates remediation plans to address relevant security findings.
• Monitors advancements in information security technologies and adapts new technology to enhance the company’s security posture.
• Creates security posture dashboard for management level reporting.
• Manages information security risk register and risk remediation efforts emanating from the most recent risk analysis under applicable frameworks.
• Assesses all security tools for effectiveness, appropriateness, and obsolescence; makes recommendations for future tool investments; and maintains the enterprise security position dashboard.
• Four (4) plus years of information security experience in a healthcare environment
EDUCATION:
• Bachelor’s degree or equivalent
LICENSURES/CERTIFICATION