Manager Systems Security & Services - Salinas Valley Health
Salinas, CA 93901
About the Job
We're committed to bringing passion and customer focus to the business.
Department:
Information Technology
Remote Eligible
Under the general direction of the Chief Information Officer, the Systems Security Manager is responsible for overseeing, implementing and managing compliance with the organization's information security program. This role involves developing and maintaining security policies, procedures, the risk register and security standards to protect sensitive data and ensure compliance with HIPAA and other relevant regulations. The incumbent is responsible for maintaining an inventory of information assets and for conducting training and communications plans and programs for the medical center, which include security awareness programs, security training, and security training compliance.
- Collaborates with the Chief Information Officer (CIO) to develop, implement and maintain a security strategy for the organization that aligns with industry practices and regulatory requirements.
- Conduct regular risk assessments to identify and prioritize potential security threats and vulnerabilities and develop mitigation strategies to address the risks as prioritized.
- Develops information protection policies, including strategies for data loss prevention.
- Maintain the incident response plan to effectively manage and respond to security incidents.
- Serves in an advisory role for legal and privacy teams in matters of policy violations and manages security events; assists with legal matters associated with such violations as necessary.
- Maintains an inventory of information assets to identify, evaluate and manage risk.
- Ensures organizational compliance in accordance with information security policies, standards and procedures. Manages the exceptions process and documents all exceptions.
- Acts as a focal point for all information security related audit work (internal & external). Coordinates with auditors in the execution of audits. Develops a strategy for handling audits and external assessment processes for relevant regulations.
- Ensure compliance with HIPAA, HITRUST and other relevant regulatory frameworks by conducting regular audits and assessments.
- Develop and maintain security awareness training programs for staff, providers, and other system end users on upholding and complying with our systems security policies, procedures and best practices.
- Provides regular reporting on the current status of the information security program to executive leadership.
- Provides strategic and tactical security guidance for all Information Technology projects.
- Develop and maintain a program of regular vulnerability scanning and patching to identify and address security vulnerabilities.
- Develops a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security program, and reviews it with stakeholders at the executive levels.
- Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management program goals.
- Evaluate and manage vendor security practices to ensure third-party service providers and information services solutions meet the organization's security requirements. Exceptions are to be mitigated as far as possible and documented so that they can be periodically reviewed for resolution and/or improvement.
- Promotes specialized skills and knowledge through support, training and development of staff members.
- Performs other duties as assigned.
Education: Bachelor's Degree required, preferably in computer science or a related field.
Licensure: Certified Information Systems Security Professional (CISSP) certification is required.
Experience: Minimum five (5) years' experience in a similar job role for a mid to large organization, preferably in healthcare with a healthcare provider. Demonstrated experience in the deployment and management of IT security technologies such as firewalls, virtual private networks, intrusion detection solutions, secure access, mobile device management and wireless network security. In-depth experience in the following practice areas: Familiarity with HIPAA, HITRUST and other relevant regulations. Familiarity with NIST standards. Proven track record of developing and implementing successful information security programs. Experience with cloud security and cloud-based applications. Experience with data privacy and protection. Experience with security compliance audits and assessments.
The hourly rate for this position is $72.61 - $90.76. The range displayed on this job posting reflects the target for new hire salaries for this position.
Job Specifications:
• Union: Non-Affiliated
• Work Shift: Day Shift
• FTE: 1.0
• Scheduled Hours: 40
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!