Information Security Officer

Location : Houston, TX
Job Type : Direct
Hours : Full Time
Required Years of Experience : 5+
Required Education : Bachelor's Degree
Travel : No
Relocation : No

Job Description :

Description of Duties / Essential Functions


Under the general direction of the client company Chief Information Security Officer (CISO), duties, functions and responsibilities of this position include:


•   Develop and implement department specific Cybersecurity Master Plan aligned with the company Cybersecurity Master Plan to address the confidentiality, integrity and availability of department systems, data and information
•   Directs an ongoing, proactive risk assessment program for all new and existing department systems and remains familiar with department's goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk
•   Responsible for communicating risks and recommendations to mitigate risks to the Company CIO, CISO and department senior leadership team in cost/benefit terms so decisions can be made to ensure the security of information systems and information entrusted to company department
•   Oversees all ongoing activities related to the development, implementation and maintenance of department's information security policies and procedures by ensuring these policies and procedures encompass the overall security of protected health information (PHI) and electronic protected health information (ePHI) both at rest and in motion
•   Assists department divisions, programs and department Privacy Officer with efforts to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance a
•   Ensures department vulnerabilities are managed and mitigated per company Cyber Division policy
•   Assists with the development of department specific, role-based information security awareness training programs, and works with Company Cyber Division, department divisions and programs to present to staff as appropriate
•   Works with company CISO to ensure proper protections, technical and physical controls are in place to protect the confidentiality, integrity and availability of department systems, data and information.
•   Assists with the development and implementation of a department business continuity/disaster recovery plan to offset the impact caused by intentional and unintentional acts
•   Evaluates security incidents and determines what response, if any, is needed and coordinates with company CISO and company Cyber Division on proper responses when sensitive data or information are compromised
•   Assists the company CISO with department insider threat investigations
•   Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by company CISO, and obtaining certifications relevant to job duties


Required Qualifications :


Experience Requirements


•   At least 5 years of experience developing and implementing cybersecurity plans and controls in a healthcare focused organization. Strong understanding of the department's core business functions and business strategy.
•   Broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs
•   Comprehensive understanding of the compliance and legal requirements for information confidentiality and integrity especially as it relates to patient information in a healthcare environment (electronic health/medical records HIPAA, HITECH, etc.)
•   Experience evaluating and managing cyber risk and working within industry-standard frameworks (e.g. NIST Cybersecurity Framework, CIS Top 20, NIST 800-XX, etc.).
•   Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management
•   Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM and DIP
•   Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications
•   Experience with a wide variety of operating systems: Windows Server, Windows 10, Windows 7, Linux etc.
•   Knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis models
•   Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies
•   Solid knowledge and understanding of networking and TCP/IP
•   Well-developed interpersonal skills. Ability to get along with diverse personalities; tactful, mature and flexible
•   Ability to establish credibility and be decisive but also to recognize and support the organization's preference and priorities
•   Ability to maintain the highest standard of confidentiality is required with zero tolerance
•   High energy level, comfortable performing multifaceted projects in conjunction with normal activities
•   Results oriented with the ability to balance other business considerations
•   Ability to speak and present information effectively to groups of varying sizes
•   Proven experience working in a rapidly changing, high intensity environment
•   Avid, proactive learner and ability to work well in a team-based environment
•   Strong interpersonal and writing skills
•   Superior attention to detail


 


Education Requirements


•   B.A. or B.S. degree in Management and Information Systems (MIS), Computer Science, Engineering or a closely related field.
•   Certified Information Systems Security Professional (CISSP) required; Certified Information Security Manager (CISM) and HealthCare Information Security and Privacy Practitioner (HCISPP) security certifications preferred.
•   Must have healthcare industry experience




License Requirements



Must be able to pass a criminal background check and obtain and maintain federally mandated security clearances where required.


 


Working Conditions


There are no major sources of discomfort, i.e., essentially normal office environment with acceptable lighting, temperature and air conditions. Significant time spent using computer display, keyboard, and mouse.

