Job Information
United Musculoskeletal Partners Chief Information and Security Officer in United States
DESCRIPTION
As Chief Information Security Officer for UMP you’ll own and manage the Information Security Risk for UMP and its portfolio of orthopedic practices. To be successful in this role you must be passionate about keeping patient information safe, know how to prioritize and remediate information security risk as part of an overall risk management and governance methodology and be able to work and communicate effectively both in the board room as well as with IT staff, physicians, leadership and everyone in-between.
In this dynamic role you’ll lead cyber risk governance across the organization, manage a mix of internal and external resources and partners, roll up your sleeves and write policy and procedure documents, perform ongoing risk assessments, deliver awareness training and be the voice of Information Security across a fast pace, growth organization. When asked “can I do this?” your answer isn’t no, but rather you’ll collaborate with clinicians, business leaders and technologists in a pragmatic way to find solutions that both work and minimize business risk.
REQUIREMENTS
REQUIREMENTS
· Implement and maintain an Information Security Governance and Risk Management Program for the protection of electronic information assets including ePHI, PII and other electronic information assets.
· Using a blend of internal team members and third parties, manage InfoSec GRC as well as 24x7 SOC and security engineering functions. Partner strongly with IT Operations & Infrastructure teams to implement and sustain technical controls that remediate risk.
· Monitor and evaluate information security controls implemented in the organization. Work to reduce risks to protected information to acceptable levels and detect, investigate, and respond to information security exposures, incidents, and violations.
· Conduct and document accurate and thorough IT risk assessments on an ongoing basis, leveraging third parties as needed to supplement internal capabilities.
· Develop and implement measures to address the risks identified through the risk assessment process, including but not limited to policies, procedures, training and technology.
· Ensure the information security program and IT environment meets pertinent government regulatory, accreditation, and commercial requirements (for example, HIPAA, HITECH, Joint Commission and Payment Card Industry Data Security Standards).
· Work in tandem with leadership and counsel to support data incident risk assessment and data breach notification activities.
· Develop, implement, and maintain a UMP-wide information security education and awareness program for delivery to all levels of the enterprise.
· Coordinate with other technology leaders to ensure the necessary policies and procedures are in place to mitigate Information Security Risk to acceptable levels.
· In partnership with other IT and business leaders, oversees IT change management activities to minimize the risk of business downtime.
EDUCATION/EXPERIENCE
· A Bachelor’s Degree in a related field and at least 5 years of progressive experience in healthcare Privacy, Information Security management or related fields.
· CISSP, Certified CSF Practitioner or other similar certifications are highly desired.
· Extensive information security knowledge and experience in regulated industries, particularly healthcare, is needed.
· Superior written and verbal communication skills as well as leadership acumen are crucial for the role.
· Willingness to roll up your sleeves and be as hands on as necessary to get the job done in a collaborative, high energy environment.
Company: United Musculoskeletal Partners
Job Type: Full-time
Address: OFF-SITE, , ,