• Information Security Officer

    Job Locations: US-RI-Smithfield
    Req No.: 2018-8989
    Department: Information Security
    Type: Regular Full-Time
    Category: Executive
  • Overview

    Under the general direction of the General Counsel, and with a dotted line reporting relationship to the Compliance Officer, this position is responsible for the development and delivery of a comprehensive information security program, including information in electronic, print and other formats, for the company.

     

    Primary responsibilities include: ongoing development and maintenance of information security policies and procedures; implementation of physical and information technology security controls in order to maintain the confidentiality, integrity and availability of all organizational information and information systems; protection of company information, information systems, and physical infrastructure from internal and external threats; and annual and other routine auditing and monitoring of information systems and physical security to ensure compliance with company policies and procedures and applicable legal requirements.

    He/she works with the Compliance Officer to complete an annual risk assessment of physical and information security threats and opportunities for improvement; partners with senior leadership, management and staff to ensure that information and physical security practices align with strategic business objectives; works with the Compliance Officer to respond to information security investigations by federal or state agencies or other authorities; assists the Compliance Officer in the investigation and tracking of attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system; and performs such other duties as may be assigned by the General Counsel, the Compliance Officer, and/or the Chief Executive Officer or Board of Directors.

    Responsibilities

    • Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent and effective information security practices, minimizes risk, and ensures the integrity, confidentiality and availability of information that is owned or controlled by Neighborhood.
    • Successfully positions self as a trusted advisor sought out by senior management for advice and guidance on information security and related issues.
    • Ensures information security policies, standards, procedures and practices are up-to-date and in compliance with applicable legal requirements.
    • Performs ongoing information security risk assessments and audits to ensure that information systems are adequately protected and meet HIPAA certification requirements.
    • On a regular basis, meets with the Compliance Officer and fosters an open, positive working relationship.
    • Works with delegated entities, other vendors, outside consultants, and other third parties to improve information security for all company health and other information.
    • Helps the leadership team understand the potential business impact of proposed new controls and of potential security risks from new business and initiatives.
    • Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
    • Ensures that potential security risks associated with new and existing business processes and IT applications are identified and addressed. Completes an information security assessment for all new vendor arrangements that include access to or the sharing of company information.
    • Ensures that electronic protected health information (ePHI) is protected in a manner that meets or exceeds all federal and state requirements.
    • Creates a culture of cyber security both within the IT organization and across the company.
    • Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
    • Works with Compliance Officer to respond to compliance/security incidents and events involving ePHI and non-electronic PHI.
    • Ensures that the access control needs are addressed.
    • Ensures the company complies with the administrative, technical and physical safeguards required by state and federal laws.
    • Serves in a leadership role for security compliance; collaborates with the organization’s senior management, Privacy Officer and Compliance Officer to establish governance for the security program.
    • Works closely with the Privacy Officer to ensure alignment between security and privacy compliance programs including policies, practices and investigations.
    • Responsible for annual information security risk assessment/analysis, mitigation and remediation.
    • Responsible for development and implementation of security risk management plan, which includes an inventory of all software, hardware, and systems where ePHI is maintained or transmitted.
    • Ensures the company has appropriate authorization policies and procedures, access controls, and audit logs to monitor activity on electronic systems that contain or use ePHI and non-electronic PHI.
    • Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits and printing.
    • Assists with the development of a Facility Security Plan to limit physical access to ePHI and PHI, including operational areas and technology systems. Assists with the investigation of Facility Security Plan violations.
    • Ensures the organization has and maintains appropriate system use and disclosure/confidentiality statements.
    • Oversees, develops and/or delivers initial and ongoing information security training to the workforce. Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities.
    • Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements, to ensure security concerns, requirements, and responsibilities are addressed.
    • Partners with Human Resources and Compliance to ensure consistent sanctions for security violations.
    • Maintains current knowledge of applicable federal and state security laws, licensing and certification requirements and accreditation standards.
    • Serves as information security consultant to all departments for data security related issues.
    • Corporate Compliance Responsibility - As an essential function, responsible for complying with Neighborhood’s Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as they apply to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow co-workers, professional affiliates and/or agents.

    Qualifications

    Required:

    • Bachelor's degree in Information Systems or a related field.
    • Seven to ten (7-10) years of information security program management/leadership experience.
    • Working knowledge of federal and state health care and other statutes, rules, policies and guidance for the security of health information.
    • Demonstrated organization, facilitation, written and oral communication and presentation skills.
    • Prior experience with disaster recovery planning, business continuity, risk management, and monitoring technical and physical safeguards.
    • A high level of integrity and trust.

    Preferred:

    • Three to five (3-5) years’ experience in creating and managing information security programs for a health care provider or payor.
    • Knowledge and experience with HIPAA, NIST, PCI and all other statutes and regulations applicable to health insurance businesses.
    • The ability to influence senior business leaders about the need to embrace new security initiatives and controls; ability to influence colleagues at all levels.
    • Security certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry related security credentials.
    • Demonstrated skills in collaboration, teamwork and problem-solving to achieve goals.

    Neighborhood is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status or any other legally protected basis.

     

    Neighborhood is committed to ensuring individuals with disabilities and/or those who have special needs participate in the workforce and are afforded equal opportunity to apply for jobs. If you would like to contact us regarding the accessibility of our Website or need assistance completing the application process, please contact us at recruiting@nhpri.org

     

    Neighborhood is an EOE M/F/D/V and an E-Verify Employer
