Valley Presbyterian
Employment Status: Full Time (72-80 Hours Per Pay Period)
Job Category: Administrative & Professional

JOB SUMMARY:
The Information Security Program Manager is responsible for ensuring information systems architecture, configuration, use, and functionality are compliant with regulations (e.g., HIPAA) and industry best practice to safeguard protected health information (PHI) and the integrity of information assets of VPH.
He or she ensures activities and functions of VPH information systems reflect VPH policies and procedures, federal and state laws, and industry standards.
The role is also responsible for ensuring disaster recovery and business continuity plans are in place for VPH information assets.
This leader assumes a primary role in incident response and vulnerability management.
This position manages the information security risks and directs IT resources in the management of risk analysis, remediation or acceptance.
He or she will manage security risk remediation projects including deployment of new technologies, adoption of new procedures, and ongoing monitoring efforts.
This includes management of ongoing security awareness training and security incident response.
He or she works closely with the Compliance Officer with respect to privacy issues and possible breach response.
The Information Security Program Manager serves as the organizational Information Security Officer and is the subject matter expert for information security administrative and technical controls, and as such, serves as a resource to the CIO and other VPH departmental leaders.
He or she will make technology and process recommendations to the organization to ensure best practice.

EXPERIENCE/QUALIFICATIONS:
Four (4) plus years of information security experience, preferably in Healthcare
IT Engineering experience in security systems (e.g., malware, server hardening, network intrusion detection, firewalls, etc.)

EDUCATION:
Bachelor’s degree or equivalent

LICENSURES/CERTIFICATION:
At least one of the following security certifications required:
Certified Information System Security Professional (CISSP)
CISM
CISA
Certified HIPAA Professional (CHP)
Certified in Healthcare Privacy and Security (CHPS)

Must successfully complete and maintain LA County Fire Card certification at the time of hire or within the first 30 days of employment

DUTIES AND RESPONSIBILITIES (These are the essential job functions for this position.
The essential functions of this job include, but may not be limited to those listed in this job description.
Employees hired for this position must be able to perform the essential function of this job without imposing significant risk of substantial harm to the health or safety of themselves or others):
Develops and maintains Information Security program through establishment of information security governance, policies, technology framework, best practices in IT, and staff education and certification
Coordinates execution of security assessments, health checks and security enhancements.
Develops, implements, and maintains information privacy and security policies, procedures, and guidelines through ongoing review and authorship.
Performs periodic information privacy and security risk assessments while developing risk mitigation plans.
Evaluates, recommends, and implements systems for detection and prevention of information privacy and security breaches.
Oversees and continually improves information security awareness training program
Evaluates all new systems for compliance with information privacy and security policies and procedures, federal and state laws, and industry standards through a risk assessment process.
Maintains current knowledge of federal and state information privacy and security laws and industry standards.
Serves as HIPAA Information Security Official (ISO)
Coordinates the development of procedures and implementation of information technologies to ensure capability to recover from disaster or outages for each critical functional area of the organization
Coordinates, designs, develops, maintains, and exercises (tests) the overall IT disaster recovery plans for each critical functional area of the organization.
Works with IT and non-IT staff on security program initiatives and resolves security related issues. Provides leadership of projects and technical implementations.
Directs penetration tests, vulnerability scans and the vulnerability management program. Creates remediation plans to address relevant security findings.
Monitors advancements in information security technologies and adapts new technology to enhance the company’s security posture.
Creates security posture dashboard for management level reporting
Manages information security risk register and risk remediation efforts emanating from the most recent risk analysis under applicable frameworks.
Manages the relationship with Security Operations Center (SOC), threat intelligence providers, including all professional monitoring of security events, logs, and alerts. Ensures and continually improves quality and value of the deliverables from these external partners.
Takes active leadership role in coordinating security incident response including identification, containment, remediation, forensics and, in collaboration with Compliance Officer, breach notification.
Assesses all security tools for effectiveness, appropriateness, obsolescence and makes recommendations for future tool investments and maintains the enterprise security position dashboard
Audits business associate compliance with existing BAA and regularly reviews BAAs or other contractual terms and conditions related to security while making recommendations
Assists the CIO in development of information security presentations for executive leadership and board.

The following job accountabilities are not unique to this particular job but are common to all jobs at VPH:
Complies with VPH policies and procedures on customer satisfaction and service excellence.
Demonstrates professionalism and cultural sensitivity in coordinating activities and communicating with all customers, peers, and the community at large.
Conducts self in a professional, respectful and courteous manner during all interactions.
Works effectively and collaboratively with others toward common goals.
Communicates accurately, honestly, supportively and in a timely manner with department and interdepartmental team members.
Demonstrates effective business writing and oral communication skills; handwriting is clear and legible.
Participates in operational aspects of the department, and maintains/participates in performance improvement activities within the department.
Participates in all departmental specific training, Environment of Care (injury/illness prevention, fire/life safety, hazardous materials, emergency preparedness, utilities management, medical equipment management, safety and security management), infection control (standard precautions, TB Exposure Control Plan, Bloodborne Pathogen Exposure Control Plan).
Demonstrates knowledge of and follows safety practices.
Understands the importance of safety, including patient safety in the workplace.
Maintains a safe environment for self and others.
Actively participates in the Patient Safety Program, including event reporting.
Identifies sentinel events/near misses and responds per defined organization processes.
Participates in education activities and process implementation.
Demonstrates advocacy for the patient/customer and appropriately acknowledges patients, customers and visitors.

The above statements reflect the essential functions considered necessary to describe the principal content of the job.
They are not intended to be a complete statement of all work requirements or duties that may be inherent in the job.

WORK ENVIRONMENT:
Primarily an inside building/office environment, well lighted and ventilated, which may consist of multiple treatment and/or work sites.
Fast and continuous work pace with variable workload.
Frequent contact with staff and public under a variety of circumstances.
Requires ability to communicate clearly (in English) verbally and in writing for effective communication with other staff members, physicians, vendors, community members, patients and patient families, employees and applicants of all socio-economic levels from a diverse cultural and ethnic population.
Subject to many interruptions from multiple calls and inquiries and potentially emotional situations involving accidents, injuries, illness and/or death.
Handles emergency/crisis situations in accordance with Hospital policy.
Answers phones or pages; may carry a beeper/pager, and/or use a two-way radio.
Occasional travel may be required.
Potential risk of exposure to hazards from chemicals (toxic and non-toxic), flammable materials, gas or electrical or radiant energy or equipment with/without moving parts.
Environment varies from standard office, to computer rooms, to infrastructure wiring closets, many times in harsh temperatures and dust.

PHYSICAL DEMANDS:
Key for Physical Demands
Continuous: 66 to 100% of the time
Frequent: 33 to 65% of the time
Occasional: 0 to 32% of the time

Clerical/Administrative Non-Patient Care
Frequent/continuous sitting with occasional, intermittent standing/walking.
Continuous use of bilateral upper extremities in fine motor activities requiring fingering, grasping, and forward reaching between waist and chest level.
Occasional/intermittent reaching at or above shoulder level.
Occasional/intermittent bending, squatting, kneeling, pushing/pulling, twisting and climbing.
Occasional/intermittent lifting and carrying objects/equipment weighing up to 25 pounds.
Continuous use of near vision, hearing and verbal communication skills in handling telephone calls, interacting with customers and co-workers and performing job duties.
Moderate lifting and bending required for technical work
Moderate stressful situations due to the nature of the support work.