Director of Information Security
Company: Wyoming Medical Center
Posted on: September 9, 2019
In compliance with the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) and good security practice,
Wyoming Medical Center is responsible for appointing a health
information security director. The Director of Information Security
is responsible for developing and monitoring practices to ensure
that WMC's health information is secure from unauthorized access,
protected from inappropriate alteration, physically secure, and
available to authorized users in a timely fashion.
The Director, along with the Chief Compliance / Privacy Officer, is
also responsible for the oversight and management of all activities
related to the development, implementation, and maintenance of, and
compliance with, WMC's policies, procedures, and standards
governing the privacy, confidentiality, and security of all
individually identifiable health information in compliance with
HIPAA, the Department of Health and Human Services (DHHS)
regulations implementing HIPAA, particularly the HIPAA privacy
regulations, and other state and federal laws, professional ethics,
and accreditation standards protecting the confidentiality and
privacy of individuals and their health and other information, such
as financial information. The Director of Information Security is
responsible for the design, oversight, and ongoing management of
the information security program including policies, procedures,
technical systems, and workforce training in order to maintain the
confidentiality, integrity, and availability of data within all of
the company's information systems.
Duties and Responsibilities:
- The employee shall comply with all safety and health standards,
and all rules, regulations, and orders which are applicable to the
individual's own position, actions, and conduct.
- Function as the Company's Security Officer for regulatory and
- Draft, implement, manage, and enforce security policies and
procedures related to PHI.
- Ensure the ongoing integration of information security with
business strategies and privacy requirements.
- Work with Chief Compliance Officer and Chief Information
Officer for ongoing optimal application of technology functionality
to protect regulated data.
- In collaboration with the Chief Compliance Officer, lead
information security awareness and training initiatives to educate
workforce about policies, procedures, and information risks.
- Manage internal and third party security risk assessment
analysis processes and remediation including creation of the risk
- Manage gap analyses and prioritization of gap closure. Respond
to risk assessments of members and other participants:
- Identify process improvements
- Update standard answers to questions posed by participants
- Review security surveys including SOC Reports from Vendors
- Create an information security risk mitigation plan based on
risk assessments with input from relevant staff.
- Perform ongoing security audits to assess the effectiveness of
policies, procedures, and information systems security.
- Make recommendations to the Chief Compliance Officer and Chief
Information Officer regarding the ongoing integration of
information security with business strategies and privacy
- Work with vendors, outside consultants, business associates,
and other third parties to improve information security.
- Lead the security incident response team in prevention,
investigation, mitigation, and reporting activities.
- Work with Human Resources to ensure appropriate sanctions for
violations of information security policies.
- Recommend system enhancements via capital and operating budget
planning to keep pace with privacy and security technology
- Ensure that vendors comply with contractual obligations related
to information security.
- Support continuity planning. Conduct business impact analysis
and manage the remediation of issues identified. Conduct annual
disaster recovery testing and adopt a remediation plan.
- Support plans for emergency mode of operations (including
access to regulated information).
- Support information and information system recovery and
resumption of routine practice operation after an emergency.
Coordinate the improvement and implementation of the Emergency Mode
operation plan. Update Information Technology items in the
Emergency Preparedness Plan.
- Lead security response team in investigating and developing
appropriate responses to complaints and incidents related to
information security. Carry out periodic security risk assessments
in conjunction with privacy requirements.
- Manage and perform the security audit program and coordinate
action plans for applicable Company departments when necessary to
- Document and maintain all risk analyses and remediation actions
taken to reduce information security risks.
- Document the processes that lead to regulatory compliance.
- Document the links between technical solutions and security
- Manage retention of performance improvement activity
documentation for security functions and compliance
- Coordinate security survey regulatory activities and
participate in accreditation surveys with external survey
- Maintain current knowledge of federal and state privacy and
security laws and regulations and industry best practices (e.g.,
- Serve as a security resource to executive management,
employees, business associates, and external bodies such as
association members and government agencies.
- Serve as a member of the Compliance committee to bring WMC into,
and maintain it in, overall compliance with HIPAA.
- Communicate and work with all disciplines and departments,
such as management, medical staff, information systems specialists,
financial managers, state and federal agency officials, as well as
with patients, clients, and any other individuals for whom WMC
maintains or transmits individually identifiable health
- Accountable for successful achievement of organizational
- Successfully complete leadership training and demonstrate
competency in leadership.
- Perform other duties as assigned.
Qualifications:
- Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), or Certified
Intrusion Analyst (CIA) certification is required within 12 months
of hire.
- An industry-recognized security certification, such as Certified
Information Systems Auditor (CISA), is required.
- Proven understanding of health care regulatory standards (HIPAA
privacy and security rules) is required.
- Demonstrated knowledge of general IT controls (e.g. access
controls, risk management, change management) and related
information security policies and procedures is required.
- A minimum of three years' experience providing information
security to a complex entity is preferred.
Location: Casper, Wyoming