The VP, Information Security position provides executive leadership, vision and managerial oversight in the development and implementation of security strategies to define policies and processes that enable consistent, effective information security practices and minimize risk. Determines projects and priorities for all information security issues. Establishes short and long-range business plans to achieve the necessary security to protect organization assets. Leads strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology. Develops and communicates security strategies and plans to executive team, staff, partners, customers, and stakeholders. Leads the partnership with compliance to assure compliance with regulatory and accrediting agencies. Leads the full project lifecycle from discovery to implementation.
Responsibilities
Responsible for all ongoing activities related to the availability, integrity and confidentiality of patient, provider, employee, and business information in compliance with the organization's security policies and procedures, regulations and law.
Identifies, investigates, resolves and develops processes, procedures and associated documentation relative to security of computer systems, networks and telecommunications along with confidentiality and standards administration.
Serves as a leader for teams investigating and addressing various health information security issues.
Ensure the integrity and protection of networks, systems, and applications by enforcement of organizational security policies, and effective operation of security solutions and/or controls.
Conduct security reviews and evaluate information risk on a regular schedule.
Maintain current knowledge of relevant information security threats and technologies.
Ensure compliance with changing cybersecurity laws and applicable regulations.
Management of security support staff.
Participate in special projects as assigned.
Qualifications
Bachelor's Degree in Healthcare Administration or Business Administration or Information Technology is required.
Master's Degree in Healthcare Administration or Business Administration or Information Technology is highly desirable.
Minimum of 10 years of progressive experience in health information security management, health information management, information systems and/or health risk management is required.
Knowledge and understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard (PCI).
Knowledge of healthcare industry and hospital operations preferred.
Experience in MEDITECH/EPIC or other Health Information System preferred.
Certification(s) in information security areas, such as CISSP, CISM, or CISA, are desirable. Appropriate certification in risk management and/or health care compliance is desirable.