CHIEF HEALTHCARE INFORMATION SECURITY OFFICER

Company: Erie County Medical Center
Location: Buffalo
Posted on: March 17, 2023

Job Description:

DISTINGUISHING FEATURES OF THE CLASS: The work involves overseeing the designing and management of the Information Security Program at the Erie County Medical Center Corporation (ECMCC). The incumbent is responsible for safeguarding the technical infrastructure, cloud security program and information systems architecture and functionality as they impact protected health information (PHI) and business information assets. This class differs from that of Healthcare Information Security Officer by virtue of the increased supervisory responsibilities and varied nature of the work. Work is performed under the general direction of the Chief Information Officer (CIO) with oversight from the Office of General Counsel. Supervision is exercised over lower-level technical staff. Does related work as required.

TYPICAL WORK ACTIVITIES:

Provides daily oversight of the Information Security Program;

Directs the work activities of the Cybersecurity team within the HIS/IT Department of ECMCC;

Collaborates with and manages the efforts of contracted third-party security firms;

Implements, manages and enforces information security directives as mandated by Federal and State regulations, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA);

Develops and enforces policies and procedures and provides oversight of functional areas including, but not limited to: workforce training involving confidentiality, integrity and availability of data within ECMCC's electronic systems and cloud-hosted data;

Ensures the ongoing integration of information security with business strategies and requirements;

Ensures that the access control, disaster recovery, business continuity, incident response and risk management needs of the organization are properly addressed;

Leads the information security awareness and training initiatives to educate workforce about information risks; Provides project management oversight and operational responsibility for administrative coordination and implementation of the organization's security program;

Manages information risk assessments and security audits to ensure that the information systems are adequately protected and meet HIPAA certification requirements;

Collaborates with various departments and law enforcement agencies to coordinate response to information security incidents, investigate and prevent future computer security breaches and to manage security vulnerabilities;

Conducts research in and stays current with security issues;

Leads incident response team to contain investigations and prevent future computer security breaches;

Coordinates security survey regulatory activities and participates in accreditation surveys;

Attends and participates in meetings, seminars and trainings, etc.

FULL PERFORMANCE KNOWLEDGE, SKILLS, ABILITIES AND PERSONAL CHARACTERISTICS: Thorough knowledge of state of the art information security; thorough knowledge of project management and development; good knowledge of technical infrastructure security components and integrated computerized rules-based systems; thorough knowledge of Federal and State privacy and security laws and regulations and industry best practices as they relate to healthcare information security; ability to manage the security of health information across a widely dispersed workforce with a variety of information mediums; ability to read, interpret and apply technical information; ability to analyze and resolve security problems quickly; ability to direct and evaluate the work of lower-level staff and vendors; ability to communicate effectively, both orally and in writing; ability to establish and maintain effective working relationships with a diverse constituency; critical thinking skills; problem solving skills; capable of performing the essential functions of the position with or without reasonable accommodations.

MINIMUM CHARACTERISTICS:

• Possession of a Master's Degree in Health Information Systems, Computer Science/Computer Programming or related technology or healthcare related field and five (5) years of experience in the management of information technology or cybersecurity professionals; of which included three (3) years of direct experience in the information security field, and one (1) year of experience with federal and state privacy and security laws, regulations, and accreditation standards for maintaining information security and confidentiality, or
• Possession of a Bachelor's Degree in Health Information Systems, Computer Science/Computer Programming, or related technology or healthcare field and seven (7) years of experience in management of information technology or cybersecurity professionals; of which included five (5) years of direct experience in the information security field including, and one (1) year of experience with federal and state privacy and security laws, regulations, and accreditation standards for maintaining information security and confidentiality
  
  NOTE 1: Your degree must have been awarded by a college or university accredited by a regional, national or specialized agency recognized as an accrediting agency by the U.S. Department of Education/U.S. Secretary of Education. If your degree was awarded by an educational institution outside the United States and its territories, you must provide independent verification of equivalency. A list of acceptable companies who provide this service can be found on the internet at http://www.cs.ny.gov/jobseeker/degrees.cfm. You must pay the required evaluation fee.
  
  NOTE 2: Verifiable part-time and/or volunteer experience will be pro-rated toward meeting full-time experience requirements.

Keywords: Erie County Medical Center, Buffalo , CHIEF HEALTHCARE INFORMATION SECURITY OFFICER, Healthcare , Buffalo, New York