iMethods is currently seeking an experienced Information Security Manager for a full-time position that will require someone to relocate to the Jacksonville, FL area.
Reports to: Vice President of Information Technology and Chief Technology Officer
General Description of the role: The Information Security Manager provides recommendations and day-to-day direction for the Information Security Program through policy, procedures, appropriate technical controls, and guidance of resources both within and outside the Information Security team, in order to reduce risk and protect the confidentiality, integrity, and availability of the health system's information systems in support of its mission to provide quality health care. He/she works closely with the Vice President of Information Technology, the HIPAA Information Security Advisory Committee, the Risk, Patient Safety and Privacy department, and others to ensure the best possible information security technology safeguards, threat management and incident response capabilities are in place.
- Protect and ensure the safe and secure availability of quality health care in support of the health system mission through effective management and continuous improvement of the information security program
- Line management and leadership of staff within the Information Security department and function
- Provide leadership for the Information Security Program
- Serve as liaison between Information Services and other departments to continually improve the health system Information Security Program, working closely with departments such as HR, Risk, Privacy, Legal, Audit, and Physical Security
- Lead the continual development of the Information Security Program to be in compliance with applicable healthcare laws and regulations (such as HIPAA) based on standards including NIST and ISO 27000
- Oversee information security risk analysis and assessments, ensuring appropriate documentation is completed and items requiring remediation are followed up on appropriately
- Work closely with the Internal Audit Department on information security initiatives, and have primary responsibility for managing third-party security audits.
- Manage and oversee all access management, including application access, account provisioning, account de-provisioning, and folder and file access
- Drive process documentation and process improvement to provide an improved security posture and better customer service where possible
- Maintain an effective information security awareness program
- Manage the security incident response plan and processes
- Ensure security logs are reviewed regularly and systems are fine-tuned as needed
- Identify where gaps exist, develop a plan, and escalate to leadership appropriately for effective decision making
- Interpret Information Security threats and vulnerabilities and report risks to IS leadership
- Manage information security policies
- Bachelor’s degree in the field of computer science or related field
- Minimum of 10 years of work experience in information technology
- Minimum of 4 years of information security experience, preferably in healthcare
- Minimum of 5 years of direct employee supervision
- Possess one or more of the following security certifications: GIAC Security Essentials Certification, GIAC Security Leadership Certification, ISACA Certified Information Security Manager, SCCP, CISSP, ISSAP
- Job related experience with one or more of the following: ISO 27000 standards, NIST Special Publication 800 Series
- Hands-on experience with information security risk management methodologies and risk assessments (vital because information security risk management is a foundation of any good information security program)
- Experience with Business Continuity and Disaster Recovery
- Experience in IDS/IPS
- Strong understanding of TCP/IP and other network fundamentals
- Demonstrated ability to manage 3rd party vendor relationships
- Project Management experience required; PMP Certification preferred
- Excellent written and interpersonal communication skills
Required Leadership Experience:
- Min 5 years of direct employee supervision
- Demonstrated ability to lead and develop department staff members
- Experience developing and managing budgets
- Demonstrated ability building relationships across an organization to accomplish goals and objectives
Expected Leadership Competencies:
- Integrity/Honesty: Behaves in an honest, fair, and ethical manner. Shows consistency in words and actions; models high standards of ethics.
- Developing Others: Develops the ability of others to perform and contribute to the organization by providing ongoing feedback and by providing opportunities to learn through formal and informal methods.
- Strategic Thinking: Formulates objectives and priorities, and implements plans consistent with the long-term interest of the organization. Capitalizes on opportunities and manages risks.
- Accountability: Holds self and others accountable for measurable high-quality, timely, and cost-effective results. Determines objectives, sets priorities, and delegates work. Accepts responsibility for mistakes. Complies with established control systems and rules.