Schedule:
Monday - Friday (40 hrs/wk)
8:00 AM - 5:00 PM
Department: IT System Services Admin - 216
Primary Purpose:
Develops, implements, reviews and monitors the information security program and related policies and procedures as directed by the Information Security Officer. Recommends, tests, and implements new, or improvements to existing, security-related tools and processes. Participates in the detection and resolution of information security incidents, audits and reporting to appropriate internal groups. Monitors information security compliance using a variety of tools and systems. Advises the Information Security Officer on HIPAA/HITECH and other regulatory requirements and on other security-related issues.
About ARUP:
ARUP Laboratories is a national clinical and anatomic pathology reference laboratory and an enterprise of the University of Utah and its Department of Pathology, based in Salt Lake City, Utah.
ARUP proudly hires top talent to create a work environment of diversity, professional growth and continuous development. Our workforce is committed to the important service we provide to over one million patients each month. We always strive for excellence and have a strong desire to be involved with the advances in medicine and the role laboratory services play within each patient’s life. We never forget that there is a patient behind every specimen we receive.
We are looking for individuals who want to contribute to ARUP's culture of accountability, integrity, service, and excellence. Consider joining our dynamic team.
Essential Functions:
Understand the company information security objectives, policies, processes, and procedures and be able to assist in implementation, maintenance and improvement of the corporate-wide information security program.
Ensure compliance with the regulatory guidelines that ARUP and healthcare are required to adhere to, and keep up to date on changes to these guidelines that will impact the existing information security programs that are in place.
Evaluate regulatory and legal changes and suggest modifications to existing program or additions to help protect ARUP users, systems and clients.
Work closely with other corporate teams (Quality and Compliance, Legal Counsel, Finance, Executive, etc.) to help resolve and assist with internal and external audits, legal holds and other events that require representation from an information security perspective.
Work closely with other IT teams to identify, implement and monitor technologies that will help to protect the information contained within ARUP’s entire information resource infrastructure.
Perform periodic per-platform or wide area risk assessments, security reviews and audits to ensure regulatory and security requirements are met. This could include, but is not limited to, patch management, change control practices, IDS and firewall monitoring, user access controls, etc. Report results to the correct groups and assist in determining a plan to resolve any issues discovered. Follow up to ensure those resolutions are taken to completion, documented, implemented appropriately, and resolve the deficiencies.
Investigate, remediate, and document any information security related breaches, events or disclosures. Ensure that all required and appropriate personnel are kept updated and informed of progress and related incidents.
Perform monitoring and limited administration of a variety of information security tools and ensure they are running correctly and reporting appropriately. Resolve issues discovered or work with product owners to resolve issues. Review ways to resolve recurring incidents on a permanent basis with limited user impact. This will include antivirus, patch management, compliance auditing, information security vendor maintenance and other methods as assigned.
Conduct security investigations and computer forensic analysis as needed. Respond to security emergencies both during and after business hours.
Develop and maintain a corporate software licensing compliance program, which includes required documentation, policies and procedures. Ensure the program is monitored, and audit compliance at a corporate level on a regular basis for the software products used.
Participate as an active member of any information security or privacy team as assigned.
Participate in any ongoing corporate information security awareness training, notifications and updates.
Keep abreast of information security trends, technologies, and issues.
Perform project leadership tasks on select security projects as assigned.
Other duties as assigned.
Physical and Other Requirements:
Stooping: Bending body downward and forward by bending spine at the waist.
Reaching: Extending hand(s) and arm(s) in any direction.
Mobility: The person in this position needs to occasionally move between work sites and inside the office to access file cabinets, office machinery, etc.
PPE: Biohazard laboratory environment that requires use of personal protective equipment in accordance with CDC and OSHA regulations and company policies.
ARUP Policies and Procedures: To conduct self in compliance with all ARUP Policies and Procedures.
Sedentary Work: Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.
Fine Motor Control: Picking, pinching, typing or otherwise working, primarily with fingers rather than with the whole hand as in handling.
Vision: Having close, far, and peripheral visual acuity to perform a variety of tasks such as make general observations of depth and distance.
High School Diploma or Equivalent or better.
Associate's Degree or better in Information Systems.
Bachelor's Degree or better in Information Systems.
With a Bachelor's degree: two years of applicable work experience
With an Associate's degree: three years of applicable work experience
With a high school diploma: five years of applicable work experience
Experience with PCI, NIST, FDA, DoD regulatory requirements, risk assessments and required controls
Security, system, network industry certifications
Intermediate understanding of network, server, storage, database and desktop operations and interrelationships
Experience with HIPAA/HITECH regulatory requirements, risk assessments and required controls
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.