The job below is no longer available.
You might also like
in Roseville, CA
$30 - $43Verified per hour SYSCO • 2d agoGood pay Urgently hiring 5.8 mi Use left and right arrow keys to navigate- $30 - $43
Verified per hour SYSCO • 2d agoGood pay Urgently hiring 7.7 mi Use left and right arrow keys to navigate - CEDARS-SINAI • 4h ago
Urgently hiring 18.6 mi Use left and right arrow keys to navigate 
$50est. per hour Williams Homes, Inc. • 5d agoUrgently hiring 12.4 mi Use left and right arrow keys to navigate- $23.25 - $27.17
Verified per hour Edward Jones • 4h agoUrgently hiring Use left and right arrow keys to navigate
Information Security Officer, Special Projects - Full-time / Part-time
•30 days ago
| Hours | Full-time, Part-time |
|---|---|
| Location | Roseville, CA Roseville, California |
About this job
The Affiliate Information Security Officer (ISO) position requires a leader with strong knowledge of privacy and information security best practices within the healthcare environment. The ISO must possess effective communication and people skills, strong leadership qualities, thorough understanding of security best practices, technologies, and controls, and the ability to translate these discrete concepts into business-friendly terminology. The ISO must also maintain a strong understanding of risk management and governance practices and the use of risk methodologies.
Reporting to the Deputy Chief Information Security Officer (CISO), the Affiliate Information Security Officer (ISO) is responsible for establishing and maintaining the information security program at Sutter Health affiliates, including hands-on execution and day-to-day management of the Affiliate Information Security Program. The ISO is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. The ISO enables the organization to achieve its mission of providing world-class health care to its communities and proactively works with business units to evaluate, educate, and implement practices that meet defined policies and standards for information security. The ISO effectively works with affiliate and enterprise leadership to determine acceptable levels of risk for the organization and reports on variance. The ISO maintains a deep knowledge about the business environment and ensures ongoing security controls are maintained.
In addition, the ISO advises the appropriate Organizational Unit (OU) DCISO regarding the Information Security Program Strategic Plan and Roadmap, and budget required to maintain the security risk profile as directed by the Sutter Health Board of Directors and senior leadership. The ISO represents Information Security at business executive leadership, steering, governance, and board committees. As the security leader for the assigned area of responsibility, the ISO fosters a culture of security among the Sutter Health workforce within the affiliates and foundations. In addition, the ISO collaborate with affiliate and foundation executives, Compliance, Legal, Privacy, Human Resources, Sutter Health IS management and staff, and other personnel as appropriate in matters relevant to information security.
Education
* Bachelor's degree in management, information technology or related field is required or equivalent education and experience.
* Master's degree in computer science, information security, business, healthcare management or related field is desired.
* Certified Information Security Manager (CISM), and HealthCare Information Security and Privacy Practitioner (HCISPP) is desired
Experience
* Seasoned leader with proven track record of leading information security initiatives in a healthcare environment
* A minimum of 8 years' combined experience in IT and information security, three of which must be in information security
* Leadership experience in programs, projects, and initiatives in a clinical provider environment
* Demonstrated success in security program transformation initiatives and ability to apply creative and customized security solutions for the business
* Experience interpreting and applying industry frameworks such as ISO 27001 and HIPAA Security and Privacy Rule requirements
* Proven track record of building productive relationships with key business and IT leaders
* Extensive experience managing information security in a complex technical environment consisting of all levels of hardware platforms, WAN/MAN/LAN, Client-Server and Thin Client applications, Intranet/Extranet/Internet and Web
* Solid experience showcasing excellent project management and effective leadership of multidisciplinary teams that successfully defined, developed, and delivered various information security solutions
* Comprehensive management experience demonstrating leadership across all of the major functions of security, technology, and interfacing with the business and clinical leaders
Knowledge
* Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management
* Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM, DLP and workstation administration
* Knowledge and understanding of relevant legal and regulatory requirements including participating in audit teams/process, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use, SSAEC-16 Soc 2 and other industry initiatives and regulations
* Strong understanding of the business impact of security tools, technologies, and policies
* Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications
* Broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs
* Comprehensive understanding of the compliance and legal requirements for information confidentiality and integrity especially as it relates to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), HIPAA, HITECH, etc.)
* Understanding of and experience with Lean or other process improvement philosophies and methodologies desired
Skill
* Excellent written and verbal communication skills, including the ability to give presentations and translate complex technical concepts and the digital security viewpoint into business and clinician relatable language
* Excellent problem-solving and analytical skills
* Strong ability to establish and maintain a high level of customer trust and confidence
* Demonstrated ability to work under stress in emergencies, and the flexibility to handle simultaneous high pressure demands
* Proven ability to drive through obstacles and deliver computing capability across a broad spectrum of technologies and entities
* Strong attention to detail
* Ability to prioritize tasks so work is completed in an accurate, timely manner
* Advanced level of competency in Microsoft Office Suite, as well as other relevant software for research and analysis
* Highly self-motivated and self-directed
* Must be creative and personable
* Capable of pulling together many disparate facts and observations into one overall plan
* Ability to work well in a group setting with a broad range of system experiences
* Ability to quickly learn new systems/applications and grasp fundamentals/concepts of systems
* Ability to shift gears midstream and move in different direction when needed
* Strong negotiation and vendor relationship skills
* Skill in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment
* High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
* Ability to interact with all stakeholders and build strong relationships at all levels and across all business units and organizations
* Understands business imperatives
* Demonstrated comprehension of infrastructure and systems development
* Demonstrated ability to develop and report on metrics
* Excellent communication, facilitation, writing, and public speaking skills
Reporting to the Deputy Chief Information Security Officer (CISO), the Affiliate Information Security Officer (ISO) is responsible for establishing and maintaining the information security program at Sutter Health affiliates, including hands-on execution and day-to-day management of the Affiliate Information Security Program. The ISO is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. The ISO enables the organization to achieve its mission of providing world-class health care to its communities and proactively works with business units to evaluate, educate, and implement practices that meet defined policies and standards for information security. The ISO effectively works with affiliate and enterprise leadership to determine acceptable levels of risk for the organization and reports on variance. The ISO maintains a deep knowledge about the business environment and ensures ongoing security controls are maintained.
In addition, the ISO advises the appropriate Organizational Unit (OU) DCISO regarding the Information Security Program Strategic Plan and Roadmap, and budget required to maintain the security risk profile as directed by the Sutter Health Board of Directors and senior leadership. The ISO represents Information Security at business executive leadership, steering, governance, and board committees. As the security leader for the assigned area of responsibility, the ISO fosters a culture of security among the Sutter Health workforce within the affiliates and foundations. In addition, the ISO collaborate with affiliate and foundation executives, Compliance, Legal, Privacy, Human Resources, Sutter Health IS management and staff, and other personnel as appropriate in matters relevant to information security.
Education
* Bachelor's degree in management, information technology or related field is required or equivalent education and experience.
* Master's degree in computer science, information security, business, healthcare management or related field is desired.
* Certified Information Security Manager (CISM), and HealthCare Information Security and Privacy Practitioner (HCISPP) is desired
Experience
* Seasoned leader with proven track record of leading information security initiatives in a healthcare environment
* A minimum of 8 years' combined experience in IT and information security, three of which must be in information security
* Leadership experience in programs, projects, and initiatives in a clinical provider environment
* Demonstrated success in security program transformation initiatives and ability to apply creative and customized security solutions for the business
* Experience interpreting and applying industry frameworks such as ISO 27001 and HIPAA Security and Privacy Rule requirements
* Proven track record of building productive relationships with key business and IT leaders
* Extensive experience managing information security in a complex technical environment consisting of all levels of hardware platforms, WAN/MAN/LAN, Client-Server and Thin Client applications, Intranet/Extranet/Internet and Web
* Solid experience showcasing excellent project management and effective leadership of multidisciplinary teams that successfully defined, developed, and delivered various information security solutions
* Comprehensive management experience demonstrating leadership across all of the major functions of security, technology, and interfacing with the business and clinical leaders
Knowledge
* Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management
* Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM, DLP and workstation administration
* Knowledge and understanding of relevant legal and regulatory requirements including participating in audit teams/process, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use, SSAEC-16 Soc 2 and other industry initiatives and regulations
* Strong understanding of the business impact of security tools, technologies, and policies
* Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications
* Broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs
* Comprehensive understanding of the compliance and legal requirements for information confidentiality and integrity especially as it relates to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), HIPAA, HITECH, etc.)
* Understanding of and experience with Lean or other process improvement philosophies and methodologies desired
Skill
* Excellent written and verbal communication skills, including the ability to give presentations and translate complex technical concepts and the digital security viewpoint into business and clinician relatable language
* Excellent problem-solving and analytical skills
* Strong ability to establish and maintain a high level of customer trust and confidence
* Demonstrated ability to work under stress in emergencies, and the flexibility to handle simultaneous high pressure demands
* Proven ability to drive through obstacles and deliver computing capability across a broad spectrum of technologies and entities
* Strong attention to detail
* Ability to prioritize tasks so work is completed in an accurate, timely manner
* Advanced level of competency in Microsoft Office Suite, as well as other relevant software for research and analysis
* Highly self-motivated and self-directed
* Must be creative and personable
* Capable of pulling together many disparate facts and observations into one overall plan
* Ability to work well in a group setting with a broad range of system experiences
* Ability to quickly learn new systems/applications and grasp fundamentals/concepts of systems
* Ability to shift gears midstream and move in different direction when needed
* Strong negotiation and vendor relationship skills
* Skill in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment
* High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
* Ability to interact with all stakeholders and build strong relationships at all levels and across all business units and organizations
* Understands business imperatives
* Demonstrated comprehension of infrastructure and systems development
* Demonstrated ability to develop and report on metrics
* Excellent communication, facilitation, writing, and public speaking skills
Your Privacy Choices