DIR INFORMATION SECURITY

The Director of Information Security will lead the design, development, and management of the Northside information security program.  This program will ensure compliance with all relevant laws, regulations, and contractual requirements with specific focus on the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH).  The Information Security Director has responsibility to protect information systems assets from intentional or inadvertent modification, misuse, disclosure, damage, or destruction.  The scope of responsibility includes all hospitals, physician practices, locations, and service lines within Northside Hospital, Inc. and as otherwise directed by the Chief Information Officer.

The Information Security Director shall work cooperatively within the Information Systems organization to provide guidance and governance for the development and operation of information systems.  Additionally this individual shall work with leadership across all other Northside departments, locations, and service lines to share and promote the corporate information security vision and ensure compliance with Northside security policies and program.

1. Hires, trains, supports and coordinates activities and duties of the leadership of the Information Security team. Works collaboratively with other IT teams and hospital departments to implement and enforce a robust information security program organization-wide.
2. Maintains fluency in all aspects of the HIPAA and HITECH Security Regulations and other relevant security standards and best practices. Advises the organization about information security technologies and related regulatory issues.
3. Makes recommendations and monitors the adoption of new procedures and technologies as required. Develops, maintains, publishes and enforces corporate information security policies, standards and guidelines encompassing information security.
4. Ensures current policies and procedures are updated and maintained for the department and organization.
5. Monitors compliance with information security policies and procedures, referring issues to the appropriate area within Northside.
6. Develops and implements renewable security awareness & education programs for the organization.
7. Proactively protects the integrity, confidentiality and availability of information in the custody of organization and provides reports regarding the effectiveness of all aspects and components of network and data security.
8. Develops and implements standards for application security; reviews security standards and capabilities of all applications.
9. Oversees all audits and security risk assessments.
10. Acts as a central point of contact for Northside leadership on information security issues.
11. Monitors and evaluates internal and external security threats. Researches security threats and implements appropriate changes to the security program to prevent data from being compromised.
12. Participate in vendor, consulting, and hospital management meetings as necessary.
13. Attend various user group meetings representing the hospital.
14. Participates in other projects as assigned; performs other duties as assigned.
15. Practices proper safety techniques in accordance with hospital policies and procedures. Immediately reports and mechanical or electrical equipment malfunctions, unsafe conditions, or employee/patient/visitor injury-accident to the director.

KNOWLEDGE SKILLS AND ABILITIES/LICENSE OR CERTIFICATION REQUIRED

1. Bachelor’s Degree in Business, IT Security, Information Systems or related field.
2. Ten (10) years prior information security experience.
3. Five (5) years prior healthcare experience.
4. Five (5) years of management experience.
5. Excellent analytical and communication skills.
6. Outstanding interpersonal and leadership skills.

KNOWLEDGE SKILLS AND ABILITIES/LICENSE OR CERTIFICATION PREFERRED

1. MBA, MHA, or other Master’s Degree in Healthcare Administration, Business, IT Security, Information Systems or related field.
2. Twelve (12) years prior information security experience.
3. Seven (7) years prior healthcare experience.
4. Ten (10) years of management experience.
5. CISM, CISSP and/or other relevant security certifications