CasperRecruiter Since 2001
the smart solution for Casper jobs

Director of Information Security

Company: Wyoming Medical Center
Location: Casper
Posted on: October 13, 2019

Job Description:

In compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and good security practice, Wyoming Medical Center is responsible for appointing a health information security director. The Director of Information Security is responsible for developing and monitoring practices to ensure that WMC's health information is secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to authorized users in a timely fashion.

The Director, along with the Chief Compliance / Privacy Officer, is also responsible for the oversight and management of all activities related to the development, implementation, and maintenance of, and compliance with, WMC's policies, procedures, and standards governing the privacy, confidentiality, and security of all individually identifiable health information in compliance with HIPAA, the Department of Health and Human Services (DHHS) regulations implementing HIPAA, particularly the HIPAA privacy regulations, and other state and federal laws, professional ethics, and accreditation standards protecting the confidentiality and privacy of individuals and their health and other information, such as financial information. The Director of Information Security is responsible for the design, oversight, and ongoing management of the information security program including policies, procedures, technical systems, and workforce training in order to maintain the confidentiality, integrity, and availability of data within all of the company's information systems.

Duties and Responsibilities:


  • The employee shall comply with all safety and health standards, and all rules, regulations, and orders which are applicable to the individual's own position, actions, and conduct.
  • Function as the Company's Security Officer for regulatory and compliance purposes.
  • Draft, implement, manage, and enforce security policies and procedures related to PHI.
  • Ensure the ongoing integration of information security with business strategies and privacy requirements.
  • Work with Chief Compliance Officer and Chief Information Officer for ongoing optimal application of technology functionality to protect regulated data.
  • In collaboration with the Chief Compliance Officer, lead information security awareness and training initiatives to educate workforce about policies, procedures, and information risks.
  • Manage internal and third-party security risk assessment analysis processes and remediation, including creation of the risk mediation plan.
  • Manage gap analyses and prioritization of gap closure. Respond to risk assessments of members and other participants:
    • Identify process improvements
    • Update standard answers to questions posed by participants
    • Review security surveys including SOC Reports from Vendors
  • Create an information security risk mitigation plan based on risk assessments with input from relevant staff.
  • Perform ongoing security audits to assess effectiveness of policies, procedures, and Information Systems security safeguards.
  • Make recommendations to the Chief Compliance Officer and Chief Information Officer regarding the ongoing integration of information security with business strategies and privacy requirements.
  • Work with vendors, outside consultants, business associates, and other third parties to improve information security practices.
  • Lead the security incident response team in prevention, investigation, mitigation, and reporting activities.
  • Work with Human Resources to ensure appropriate sanctions for violations of information security policies.
  • Recommend system enhancements via capital and operating budget planning to keep pace with privacy and security technology advances.
  • Ensure that vendors comply with contractual obligations related to information security.
  • Support continuity planning. Conduct business impact analysis and manage the remediation of issues identified. Conduct annual disaster recovery testing and adopt remediation plan.
  • Support plans for emergency mode of operations (including access to regulated information).
  • Support information and information system recovery and resumption of routine practice operation after an emergency. Coordinate the improvement and implementation of the Emergency Mode operation plan. Update Information Technology items in the Emergency Preparedness Plan.
  • Lead security response team in investigating and developing appropriate responses to complaints and incidents related to information security. Carry out periodic security risk assessments in conjunction with privacy requirements.
  • Manage and perform the security audit program and coordinate action plans for applicable Company departments when necessary to make improvements.
  • Document and maintain all risk analyses and remediation actions taken to reduce information security risks.
  • Document the processes that lead to regulatory compliance.
  • Document the links between technical solutions and security policies.
  • Manage retention of performance improvement activity documentation for security functions and compliance responsibilities.
  • Coordinate security survey regulatory activities and participate in accreditation surveys with external survey bodies.
  • Maintain current knowledge of federal and state privacy and security laws and regulations and industry best practices (e.g., NIST, ISO).
  • Serve as a security resource to executive management, employees, business associates, and external bodies such as association members and government agencies.
  • Serves as a member of the Compliance committee to bring and maintain WMC into overall compliance with HIPAA.
  • Communicates and works with all disciplines and departments, such as management, medical staff, information systems specialists, financial managers, state and federal agency officials, as well as with patients, clients, and any other individuals for whom WMC maintains or transmits individually identifiable health information.
  • Accountable for successful achievement of organizational goals.
  • Successfully completes leadership training and demonstrates competency in leadership.
  • Performs other duties as assigned.


Requirements:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Intrusion Analyst (CIA) certification is required within 12 months of hire.
  • An industry-recognized security certification, such as Certified Information Systems Auditor (CISA), is required.
  • Proven understanding of health care regulatory standards (HIPAA privacy and security rules) is required.
  • Demonstrated knowledge of general IT controls (e.g. access controls, risk management, change management) and related information security policies and procedures is required.
  • A minimum of three years' experience providing information security to a complex entity is preferred.
