Manager Systems Security & Services
Location: Salinas, CA
Time Type: Full time
Posted on: 2 Days Ago
Job Requisition ID: SVH-100708
It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
Department:
Information Technology
Remote Eligible
Under the general direction of the Chief Information Officer, the Systems Security Manager is responsible for overseeing, implementing, and managing compliance with the organization’s information security program. This role involves developing and maintaining security policies, procedures, a risk register, and security standards to protect sensitive data and ensure compliance with HIPAA and other relevant regulations. The incumbent is responsible for maintaining an inventory of information assets and for conducting training and communications plans and programs for the medical center, which include security awareness programs, security training, and security training compliance.
Responsibilities:
- Collaborate with the Chief Information Officer (CIO) to develop, implement, and maintain a security strategy for the organization that aligns with industry practices and regulatory requirements.
- Conduct regular risk assessments to identify and prioritize potential security threats and vulnerabilities and develop mitigation strategies to address the risks as prioritized.
- Develop information protection policies, including strategies for data loss prevention.
- Maintain the incident response plan to effectively manage and respond to security incidents.
- Serve in an advisory role for legal and privacy teams in matters of policy violations and manage security events; assist with legal matters associated with such violations as necessary.
- Maintain an inventory of information assets to identify, evaluate, and manage risk.
- Ensure organizational compliance in accordance with information security policies, standards, and procedures. Manage the exceptions process and document all exceptions.
- Act as a focal point for all information security-related audit work (internal & external). Coordinate with auditors in the execution of audits. Develop a strategy for handling audits and external assessment processes for relevant regulations.
- Ensure compliance with HIPAA, HITRUST, and other relevant regulatory frameworks by conducting regular audits and assessments.
- Develop and maintain security awareness training programs that teach staff, providers, and other system end users how to uphold and comply with our systems security policies, procedures, and best practices.
- Provide regular reporting on the current status of the information security program to executive leadership.
- Provide strategic and tactical security guidance for all Information Technology projects.
- Develop and maintain a program of regular vulnerability scanning and patching to identify and address security vulnerabilities.
- Develop metrics and a reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security program, and review it with stakeholders at the executive levels.
- Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management program goals.
- Evaluate and manage vendor security practices to ensure third-party service providers and information services solutions meet the organization’s security requirements. Exceptions are to be mitigated as far as possible, documented, and periodically reviewed for resolution and/or improvement.
- Promote specialized skills and knowledge through support, training, and development of staff members.
- Perform other duties as assigned.
Education:
Bachelor’s Degree required, preferably in computer sciences or related field.
Licensure:
Certified Information Systems Security Professional (CISSP) certification is required.
Experience:
Minimum five (5) years’ experience in a similar job role for a mid to large organization, preferably in healthcare with a healthcare provider. Demonstrated experience in the deployment and management of IT security technologies such as firewalls, virtual private networks, intrusion detection solutions, secure access, mobile device management, and wireless network security. In-depth experience in the following practice areas: Familiarity with HIPAA, HITRUST, and other relevant regulations. Familiarity with NIST standards. Proven track record of developing and implementing successful information security programs. Experience with cloud security and cloud-based applications. Experience with data privacy and protection. Experience with security compliance audits and assessments.
The hourly rate for this position is $72.61 - $90.76. The range displayed on this job posting reflects the target for new hire salaries for this position.
Job Specifications:
Union: Non-Affiliated
Work Shift: Day Shift
FTE: 1.0
Scheduled Hours: 40
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
Salinas Valley Health, formerly Salinas Valley Memorial Hospital, founded in 1953, is the cornerstone of what would eventually become Salinas Valley Health. Today, we serve thousands of individuals and families just like you throughout the Salinas Valley, Monterey Peninsula, and the surrounding region. Each year, our highly trained team of healthcare professionals takes our renowned quality of patient care to the next level. Our team actively utilizes the latest medical techniques with our state-of-the-art technology to improve your health and well-being. In many cases, this provides you and your family the opportunity to receive specialized care right here in your own community, without the need for travel. Our 263-bed acute care medical center employs more than 2,036 people and has a medical staff of more than 300 board-certified physicians across a broad spectrum of specialties, all dedicated to your care.