Job Description
The Regional Information Security Officer (RISO) will be responsible for the delivery, implementation and ongoing management of all Information Security Office (ISO) programs within and throughout the Regional Health Corporations in their respective regions of responsibility. The primary areas of focus for this position include the delivery and implementation of programs that include, but are not limited to, Policies, Standards and Controls; Security Awareness and Training; Risk Assessment; Remediation Management; Incident Management and Response; Business Continuity; and Third Party Risk.

The Regional Information Security Officer will deliver, implement and manage CHE information security programs for the Regional Health Corporations in their areas of responsibility.

- Act as the liaison between the ISO at the Systems Office and the CIO, Compliance Officer, Privacy Officer, and technical and security teams within each RHC.
- Manage processes that ensure the proper implementation of all policies, standards and controls across and throughout their assigned regions.
- Integrate initiatives with key technology drivers in their assigned RHCs' efforts to provide a coordinated approach to governance and compliance management.
- Provide tactical security guidance for all IT projects, including the evaluation and recommendation of security controls.
- Consult with RHC executive management to determine acceptable levels of risk for the project.
- Information Security Officer Liaison for incident response planning and management of security incidents and events to protect IT assets (e.g., information, critical infrastructure, intellectual property and reputation); such duties to include overseeing the investigation of security breaches and assisting with disciplinary and legal matters associated with such breaches as necessary.
- Ensures the proper planning and resource prioritization needed to maximize the effectiveness of the implementation of security programs within the assigned RHCs.
- Play a consultative role in formulating responses to external and internal audits, and identify gaps and develop remediation plans based on CHE ISO policy and best practices in the area of technology governance and control practices.
- Lead ongoing initiatives that facilitate the proper implementation of information security practices across the enterprise, e.g., identity and access management (IAM), HIPAA and Meaningful Use, Payment Card Industry Compliance, Data Governance and Management, etc.
- Anticipates and provides solutions for complex information security problems and issues.
- Rapidly absorbs complex technical and conceptual information to identify security issues and implications.
- Able to present understandable alternatives to both technical and nontechnical individuals at all levels of the organization.
- Provides recommendations to the senior IS Leadership towards adoption and implementation of information security standards that support the mission and strategies of CHE.
- Demonstrates the commitment to customer service by providing responsive and effective support, developing solid working relationships with customers and Information Services colleagues, and delivering high quality value-added services that exceed customer expectations.
- In collaboration with Information Security Office, develops and maintains a mechanism to monitor compliance and customer satisfaction.
- Drive and implement Governance, Risk and Control (GRC) measurement and enforcement processes that ensure adherence with technical and industry standards and processes.
- Reports on ongoing security status, controls and initiatives through metrics and dashboards established by the ISO through the GRC program.
- Serve as the regional information security subject matter expert and interface with RHC executive management to communicate the status of technical compliance through operational metrics, presentations and recommendations.
- Represents their assigned region on the Security Officer Workgroup.
- Demonstrates commitment by promoting and adhering to the CHE System Office Code of Conduct, which includes the objectives of CHE's compliance program, policies and procedures, and ethical business practices.
- Promotes open, effective and ongoing communication and the sharing of information among colleagues, and sets the expectation that matters of concern get reported immediately.
- Performs other duties as assigned by appropriate personnel.

Position Requirements

Education, Certifications or Licenses
- Bachelor's degree in Information Assurance, Technology Risk Management, Business or related field
- Master's degree preferred
- CISA, CISSP, CISM preferred
- PMP preferred

Experience
- 35 years of progressive leadership experience in the areas of information security and compliance
- 3+ years of experience implementing security plans and developing and publishing security metrics to a diverse audience
- 3+ years of experience implementing or managing programs such as Meaningful Use, HIPAA Security, HiTRUST, PCI, Data Management and Access Governance

Skills
- Strong interpersonal skills
- Able to work effectively in a matrix-management environment
- Demonstrated knowledge of recognized Information Security audit-related standards and regulations
- Demonstrated knowledge of recognized IT process and quality frameworks such as COBIT, ITIL, CMM and ISO
- Highly motivated, having a strong sense of urgency, work well under pressure, high detail orientation, and adept at multitasking
- Team player with strong organizational skills, a positive attitude and customer service orientation
- Technically strong individual with a breadth of understanding of information management, experience in large-scale integration, and who can embrace a large multilevel system
- Innovative thinker who is able to see the big picture while remaining attentive to the details

Travel
Travel to RHCs and other locations within assigned regions will be required. Should not total more than 40
Click on the button below to go to the Catholic Health East website and apply for Regional Information Security Officer.