Facility Information Security Official - Capital Division career at Field IT&S - Richmond/Capital Division in Richmond

Field IT&S - Richmond/Capital Division is currently recruiting for Facility Information Security Official - Capital Division, posted on Fri, 06 Dec 2013 07:47:37 GMT.

Facility Information Security Official - Capital Division

Location: Richmond Virginia

Description: Field IT&S - Richmond/Capital Division is currently recruiting for Facility Information Security Official - Capital Division; this position is located in Virginia. For the detailed specification of this career opportunity, see the description below. More About HCA.....

For a fifth consecutive year HCA has earned national recognition as one of the best workplaces for information technology professionals. HCA ranked No. 42 on Computerworld’s 2013 "Best Places to Work in Information Technology" list of 100 companies.

HCA has been recognized by the Ethisphere Institute as one of the World's Most Ethical Companies.

Summary of Duties

The Zone Facility Information Security Official (FISO) is responsible for leading, driving and, in some cases, implementing Information Security (IS) activities and measures in company facilities supported by the division, under the supervision of the Division Director of Information Security Operations (DISO).

Facilities

These include hospitals, company-managed physician offices, Consolidated Service Centers (CSCs), Ambulatory Surgery Division (ASD) centers and certain other facilities in the division. Depending on the IT model and complexity of the division, the Zone FISO may be assigned to lead and drive IS activities in a few facilities or possibly all facilities in a market or division.

IS Activities

These activities are part of the enterprise (company-wide) and division-specific IS programs and operations. IS activities at the facility-level are primarily based on: (a) ongoing IS work and expectations outlined in the company's IS policies, standards, and guidance documents, (b) new and/or prioritized IS work in the Facility IS Action Plans from the Corporate IS Department, and (c) IS aspects in projects from the IS Department, IT&S Department, Business Units and Division.

Enterprise IS Program

The enterprise (company-wide) IS program is led by the VP & CISO and IS Department in IT&S. Together with the DISO, the Zone FISO is the "face" of the enterprise and division IS programs to facility leadership, workforce members, and other people and entities (e.g., physicians and certain vendors) affiliated with the facility. The Zone FISO is responsible for implementing the company's organizational IS agenda, championing improvements to reduce IS risks to patients and business operations in the facility, and serving as a bridge between the division and the facility.

Division IS Program

The division IS program is led by the DISO. The division program includes implementation plans and activities for the enterprise IS Program and projects, and division-specific IS plans, activities and projects. Like the enterprise IS Program, the Zone FISO is responsible for leading, driving and ensuring the division IS program is implemented in the Zone FISO's assigned facilities.

Facility IS Program

Generally, the facility IS program and facility IS activities are based on implementation and ongoing, operational compliance with company IS requirements. These activities include both Information Technology (IT) and non-IT related areas. In addition, all facility workforce members have a role regarding IS. The Zone FISO is responsible for leading, driving and helping the facility and facility workforce members appropriately comply with the company's IS requirements.

Approach

The Zone FISO drives the results the company wants by extending the reach of the enterprise IS program into facilities. This includes developing IS processes, building staff awareness and competencies for security, and effectively collaborating across boundaries to ensure enterprise IS goals and company priorities are met and business value is realized.

Relationships

This role requires extensive focus on building and expanding relationships with key stakeholders such as Facility leadership, Facility workforce members, Physicians, Division leadership, Division IT team, other Zone FISOs, IS department, business partners and vendors, and other people and entities who support the IS objectives and activities at the facility.

Other

The Zone FISO must have and will use a combination of skills including IT technical skills, IS knowledge, people relating skills, written and verbal communication skills, interpersonal skills and the ability to develop, communicate and follow processes to get technical and non-technical work accomplished.

Duties Include But Are Not Limited To

Lead, drive and implement (where appropriate) IS activities in the facility

Provide leadership, drive implementation and drive ongoing compliance in the facility with IS requirements including IS policies and standards, HIPAA Security activities, Facility IS Action Plans, division IS program activities, enterprise IS program, and facility-specific needs.

In conjunction with the appropriate division and facility teams, address IS issues identified by the facility, by the division, by corporate groups including Internal Audit or the IS Department, and by outside entities including auditors (e.g., CMS HIPAA Security audits).

Work with Facility leadership, HDISs, LSCs, and facility staff to drive the accomplishment of IS goals.

Help coordinate non-IT IS work and responsibilities at the facility.

Coordinate with HR Director, Facility Privacy Official and Ethics & Compliance Officer to ensure that sanctions related to IS issues are applied appropriately and consistently.

Bridge the distance between the HCA information security group and the facility through collaboration, coordination, communication, and operating as part of each.

IS Account Management

For facility and department managed applications, ensure that application administrators are aware of and adhere to company account management requirements.

Ensure Appropriate Access and other user access reviews occur in the facility in accordance with company guidelines.

IS Project Execution

Lead and coordinate implementation of IS technologies and projects in the facility. Ensure progress and completion of identified tasks in the Facility Information Security Plan.

Issues Tracking and Resolution

Track and drive resolution of facility IS issues.

Provide technical expertise to resolution of IS issues in the facility.

Coordinate facility troubleshooting of issues and questions.

Support and coordinate incident response activities involving the facility.

Monitor resolution of IS alerts in the facility (e.g., Spyware, SMART anomalies, invalid Social Security Numbers).

Respond to user related threat events in the facility by working with the respective department manager to facilitate user awareness.

Ensure issues in IS reports are addressed (e.g., SAPortal reports, Passport reports, SecurID activity reports, Internal Audit Self-Monitoring Report).

In conjunction with the division IT team, ensure corporate-mandated service packs, patches and hotfixes are applied to facility servers and workstations within the defined time periods.

Provide facility-level reporting to the DISO to identify and act on facility-specific IS issues.

IS Risk Management

Lead risk management processes and decision-making involving each facility, within the framework established in the enterprise IS program.

Ensure the designated facility committee (e.g., Facility Security Committee, Facility Ethics & Compliance Committee) receives, documents, tracks, investigates and acts on suspected IS breaches and complaints.

Perform walkthrough of the facility to identify potential or actual IS issues on at least a quarterly basis (e.g., physical security of MDF/IDFs; active sessions on unattended workstations; posted passwords).

Work with facility personnel and the DISO to complete, submit, and track Security Exception Request Forms (SERFs).

Team with facility and division personnel to remediate system issues that are noted in approved SERFs.

IS Vendor Systems Security

Coordinate IS activities with vendors at the facility.

Ensure proper vendor contracts are in place for division and facility IT systems and services.

Ensure division and facility-specific IT systems and services receive proper assessments before implementation.

Ensure implementation of specified IS architectures for enterprise vendors (e.g., anti-virus, logging, auditing, authentication, authorization, configuration management, encryption and remote access management/monitoring).

Ensure vendor systems use approved connectivity, remote management and monitoring.

IS Communication

Facilitate, and lead where appropriate, IS communication and awareness in the facility.

Coordinate with the facility HR and training departments to ensure that periodic workforce training includes company-required IS content (e.g., protection from malicious software; procedures for monitoring log-in attempts and reporting discrepancies; procedures for creating, changing, and safeguarding passwords; procedures for reporting security incidents).

Represent Facility IS Needs to Division

Serve as the advocate for IS in facility planning.

Represent facility needs in division strategic planning, budgeting and work prioritization.

Identify development in the IT&S IS department services and operations needed to resolve IS operational issues in the facility.

Support division IS initiatives and the DISO

Assist the DISO in driving key elements in the enterprise and division IS programs at the facility level.

Other

Adheres to the Code of Conduct and Mission and Value Statements

Assists with other duties as assigned.

Qualifications

Knowledge, Skills, and Abilities

Knowledge of HIPAA Privacy/Security Regulations and Sarbanes-Oxley IT control standards

Strong understanding of Information Security processes, technologies, and practices

Hospital, Meditech System, HDIS, LSC, IT Audit, and project management experience desired

Must possess excellent written and verbal communication, organization, decision-making, advanced problem solving, and presentation/training skills; as well as initiative, adaptability, and customer focus

Must possess the ability to build positive team relationships with all levels of individuals at the facility/ market/ division; corporate level

Education

College graduate preferred

Experience:
Management experience desired

Bachelor's degree in IT, Health Information Management, or related field.

Three to ten years of related work experience in Information Security and/or IT focused Health Information Management

Certification/Licensure:
Information Security Certification(s) with demonstrated work experience is preferred. Desired certifications include: CISSP, CISA, CISM, GSEC, GCIH, GCNT, GCFW, GCUX, GCIA
If you are eligible for this career, please email your resume, with salary requirements, to Field IT&S - Richmond/Capital Division.

If you are interested in this career, click the Apply button; you will be redirected to the official website.

This career became available on: Fri, 06 Dec 2013 07:47:37 GMT



Apply Facility Information Security Official - Capital Division Here
