Under the direction of the Chief Information Officer, this position is responsible for the ongoing management of Information Security policies, procedures and technical systems in order to maintain the confidentiality, integrity and availability of all District Health Care Information Systems as mandated by HIPAA.
Recommend security systems that will provide detection, prevention, containment and deterrence mechanisms to protect and maintain the integrity of healthcare data.
Manage and enforce Information Security directives as mandated by the HIPAA Security Rule. These include the development and maintenance of all security related policies and procedures designed to protect computer programs, databases and data files from unauthorized or accidental access, duplication, modification or destruction.
Ensures the ongoing interaction and flexibility of Information Security with District Business strategies and requirements.
Ensures that the access control, disaster recovery, business continuity, incident response and risk management needs of the district are properly addressed.
Design and implement security remediation plans.
Demonstrates knowledge and experience with the following tools; Antivirus, intrusion detection/protection software, network access control, provisioning and de-provisioning of users, encryption, SFTP/FTP, security monitoring, data loss prevention, identity and asset management.
Experienced in the following technologies: Cisco ASA firewalls, Cisco VPN connections/client, Cisco IDS, Security information management (SIM), Threat Detection Management , Symantec, log correlations, Authentication, RBAC, single sign on technologies, mobile device security protocols.
Will attend annual security training classes and/or security certification programs. Ensure District Information systems are adequately protected and meet HIPAA certification requirements.
Implement action plans for information security findings to ensure internal security controls are appropriate and operating as intended.
Provides security project management, security testing oversight, and risk remediation planning and coordination.
Coordinates internal and external communication, issue resolution, security vendor relationships, testing plans, training plans, and successful transition to additional IT infrastructure teams appropriately.
Analyze and evaluate cyber and information security solutions, including new technologies and new security architectures, security controls and procedures, and contracting documentation.
Analyze changes in the regulatory area including the Payment Card Standard, Privacy Legislation, SOX, SEC guidance, HIPAA etc. and provide the District with appropriate action plans for improving business functions.
Act as internal consultant to District staff to assist in the implementation of such action plans.
Work with vendors, outside consultants and other third parties to improve District Information Security.
Participate in the incident response teams to contain, investigate and prevent future computer security breaches. Coordinates quarterly security audits. Communicates findings to the Chief Information Officer and the Chief Compliance Officer.
Assists in the ongoing maintenance of the department’s business continuity/disaster recovery plan.
Maintains positive relations with business customers and software vendors.
Provides clear and concise statuses and project plans to the Chief Information Officer.
Requires on-call coverage as defined by IT management.
Provides the technical leadership for security based projects.
Assists in the creation and maintenance of security procedural documentation on all systems.
Emergency duty may be required of the incumbent that includes working in Red Cross shelters or to perform other emergency duties including, but not limited to, responses to threats or disasters, man-made or natural.
The list of essential functions, as outlined herein, is intended to be representative of the tasks performed within this classification. It is not necessarily descriptive of any one position in the class. The omission of an essential function does not preclude management from assigning duties not listed herein if such functions are a logical assignment to the position.
Skills of an IT Security Analyst include but are not limited to: Strong policy and process knowledge including HIPAA, SOX, IT auditing skills, and has the expertise to deal with a variety of technologies and customers. Interaction with all District departments is imperative. This position requires IT competency in information security and security risk assessments in the healthcare industry. Proficiency in designing and hands-on implementation of security remediation plans is a must. Strong technical skills: application and operating system hardware, vulnerability assessments, security audits, TCP/IP, log monitoring, intrusion detection systems, firewalls, etc. Outstanding communication (oral, written, presentation), interpersonal and consultative skills. Must possess a high degree of integrity and trust along with the ability to work independently and with an infrastructure team. Demonstrated organization, facilitation, communication, and presentation skills. Excellent documentation skills. Ability to weigh business risks and enforce appropriate information security measures. Knowledge and experience in information privacy laws and regulations including access and release of information. In-depth knowledge of the HIPAA Security Rule and other government technology laws including any corollary state law(s).
Bachelor’s degree in Information Technology or related field with a concentration in information technology security.
Two (2) to four (4) years experience in implementing and supporting information security for applications, web architectures, operating systems, databases, and networks in the health care industry.
CompTIA Security+ certification required.
CEH: Certified Ethical Hacker preferred.
Valid Florida Driver’s License required.
Strong technical skills (application and operating system hardware, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc. Knowledge and experience in information privacy laws and regulations including access and release of information. In-depth knowledge of the HIPAA Security Rule and other government technology laws including any corollary state law(s).