POSITION SUMMARY
In cooperation with the Information Security Analyst II and IS Management, manages routine information-protection functions. Works with IS management to assist in the development of IT security strategies that conform with industry standards, best practices, and are in alignment with healthcare regulatory acts. Deploys IT security policies and procedures, administers the current IT security controls in place, and implements new controls needed to support the security architecture. Performs risk and security assessments, and implements recommended architecture changes, enhancements or other mitigating controls as needed.
MINIMUM REQUIREMENTS
Education:
1) Associate’s degree in IT, Computer Science, or equivalent education and/or experience.
Experience:
1) Minimum of 2 years’ experience with IT security.
Knowledge, Skills, Abilities:
1) Working knowledge of modern IT security topics.
2) Excellent oral and written communication skills including ability to effectively present information.
3) Communicates effectively with others at all levels of the organization and individuals outside of the organization.
4) Good analytical and problem solving skills and excellent interpersonal skills.
License/Certification/Registration:
1) Certified Information Systems Security Professional (CISSP) preferred.
SUPERVISION RECEIVED
Receives general supervision from the Manager, Infrastructure & Security to achieve established goals and objectives. Collaborates with IS management throughout decision-making processes.
SUPERVISION GIVEN
None
ESSENTIAL FUNCTIONS
1) Works with IS management to develop and maintain an IT security architecture that correlates to healthcare regulatory acts and industry standards
a) Researches, documents, and implements current IT security best practices and standards.
b) Determines IT compliancy requirements as dictated by healthcare regulatory acts.
c) Conducts IT compliancy assessments and response drills.
2) Administers current IT security controls and oversees new IT security solutions.
a) Manages security control systems currently in place, including but not limited to, email filtering and encryption services, patch management software, web security filtering software, anti-virus/anti-malware software, and other desktop/user permission controls.
b) Administers security logs and monitoring systems.
c) Assesses potential network and application security controls not currently in place.
d) Works closely with IS staff members and vendors to ensure appropriate security controls are implemented throughout projects.
3) Coordinates risk and security assessments, breach drills and incident response drills.
a) Works with third party providers to conduct comprehensive IT security assessments on a regular basis.
b) Communicates with third party providers to design IT security architecture changes, enhancements or other mitigating controls.
c) Implements required IT security changes, enhancements, or controls.
d) Works with third party providers to coordinate breach and incident response drills.
4) Tracks industry trends and emerging threats of IT security, and recommend possible mitigation controls.
5) Keeps current on government regulations, security best practices and industry standards.
6) Implements IT solutions that address new government regulations, and the mitigation of emerging IT security threats.
7) Works to enhance employee awareness of government regulations and information systems security best practices.
NON-ESSENTIAL FUNCTIONS
Performs related and miscellaneous duties as assigned.
Why Mount Nittany Health?
At Mount Nittany Health, we provide high-quality patient care with a unique combination of the latest in clinical technology and compassionate medical professionals. We are committed to improving both the quality and availability of healthcare in our region and seek to hire only the best to support the communities we serve.
Read Full Description