Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization. Ensures information security policies, standards, and procedures are up-to-date.
Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
Creates a culture of cyber security both with the IT organization and driving behavioral changes for the business.
Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
Manages security incidents and events involving electronic protected health information (ePHI)
Ensure that the disaster recovery, business continuity, risk management and access controls needs of the facility are addressed.
Ensures the institution/organization complies with the administrative, technical and physical safeguards.
Collaborates with organization senior management, Privacy Officer, and Corporate Compliance officer to establish governance for the security program.
Serves in a leadership role for security compliance.
Works closely with the Privacy Officer to ensure alignment between security and privacy compliance programs including policies, practices and investigations, and acts as a liaison to the information systems and compliance departments.