To be part of our organization, every employee should understand and share in the YNHHS Vision, support our Mission, and live our Values. These values (integrity, patient-centered, respect, accountability, and compassion) must guide what we do, as individuals and professionals, every day.
Under the direction of the Health System Information Security Officer, supports information security initiatives through continuous monitoring of the enterprise security status and participates in activities to assess compliance with internal policies and government regulations (e.g. HIPAA). The responsibilities include procurement, implementation, administration, monitoring and examination of security management tools needed to discover vulnerabilities and correlate incidents. This position is also responsible for incident detection, investigation, mitigation, documentation, logging, and reporting.
1. Assists in understanding user requirements, and develops and recommends security hardware, software and tools solutions to satisfy the requirements.
2. Provides skilled technical development of security architecture, design, planning, implementation and support.
3. Develops and maintains corporate-wide communications standards and procedures.
4. Discovers, reports, and resolves information security environment problems.
5. Evaluates feasibility of new hardware, software and tools as they become available.
6. Tests, evaluates and installs new hardware, software and tools as they relate to the corporate information security program.
7. Responsible for implementing operational security frameworks for existing and new computing services, programs, and applications.
8. Provides quality assurance of systems by ensuring successful implementation and maintenance of information security tools as defined in IS&T Security Policies.
9. Supports and continuously monitors and reports on all information security vulnerabilities and incidents.
10. Creates and maintains documentation.
11. Performs daily operations and provides scheduled reporting on detected security incidents, trends, and current state of information security.
12. Reviews results from internal active network penetration tests to ensure mitigation of vulnerabilities in information systems.
13. Assists with information security impact to server, client, and application upgrades and installations where appropriate.
14. Responds to information security inquiries.
15. Participates in application information security reviews and assessments.
16. Supports the Lead Information Security Specialist in performing monthly security reviews and in preparing monthly, quarterly, annual, and ad-hoc status reports.
17. Works well within a team of Information Security specialists and analysts.
18. Provides operational metrics to continually assess information security for policy and regulatory compliance, and generates reports.
Position requires a Bachelor's Degree in Computer Science or related discipline, master's degree preferred or technical training and/or related experience equivalent in Information Security.
Seven (7) to ten (10) years of experience in an Information Security role or related area with specific information security responsibilities including government regulatory compliance. Experience coordinating and supporting complex security solutions required, preferably in a large enterprise environment. Experience leading and directing the work of others strongly preferred.
In-depth experience and knowledge is required in the following areas: Information Security Management Practices, Access Control Systems, Network/Operational Security, Information Security forensics, and regulatory requirements especially HIPAA. All areas require demonstrated, strong interpersonal, resource management and communication skills. Familiarity with application security and business continuity is a plus. Ability to handle multiple complex tasks is essential. CISSP or similar certification required.
Accountable for extensive knowledge of information security program; provides support and expertise to IS&T Dept. Assists Lead and supervisor with system and budgetary recommendations. Handles complex investigations and problem-solving situations. Responsible for determining project plans and methods of implementation for review with supervisor.
Must be able to resolve highly complex security, able to work with and encourage team members in order to get the job done; high degree of resourcefulness and technical knowledge. Competent in ability to communicate with all levels of the organization. Is a positive, proactive, team-oriented employee who fosters group participation and teamwork. Position is highly complex and has far-reaching effects on the confidentiality, integrity, and availability of sensitive information.