|Preferred GIAC Certifications||GCIH GISP|
|Contact Name||Andy Lin|
The Manager, Information Security is responsible for managing a team of Information Technology Security professionals. This Manager will assign both project based work, and production work to team members.They may act as both a personnel manager and a project manager. Additionally, will possess strong technical security knowledge and is skilled in applying procedures, policies, and methodologies. The Manager, Information Security stays abreast of the industry standards for his/her field of specialization. The Manager, Information Security provides outstanding client service and contributes to the organization’s mission of utilizing information technology to improve patient care.
Manage a team of Information Technology Security professionals engaged in providing Information Security Services
o Plan the work, delegate effectively and follow up with staff, providing support and guidance.
o Evaluate the team and its members’ level of performance, to provide performance management and establish the delivery of top tier services and solutions to the organization.
o Mentor and identify training needs for team members, ensuring professional development and superior technical expertise.
o Responsible for resource allocation, managing assignments, and overseeing the work performed by the team.
o Responsible for staffing decisions and promotion of team members.
• Oversee and manage IT Security projects ranging in size, complexity, and scope.
• Ensure that the IT Security Policy is implemented for new installations and systems upgrades
• Set architectural design standards for all Security products such as Identity and Access Management, SIMS, forensic tools and other Security tools.
• Lead the creation and delivery of solutions as a Security Subject Matter Expert.
• Provide guidance to the Security team on new solutions and designs
• Implement information security policies and procedures to provide effective controls to system architecture and functionality
• Review proposed solutions to ensure that they are compliant with HIPAA/HITECH regulations
• Communicate and work proactively and professionally with internal and external auditors as well as other groups responsible for ensuring that an organization is properly protecting the hospital data and patient medical records
Provide documentation and communication to peers, subordinates, and senior management for status, coordination, objectives, and performance.
• Responsible for system documentation and coordinating the dissemination of it to stakeholders.
• Manage vendor relationships and work.
• Mitigate escalations of client incidents and issues. Assess and troubleshoot, consult with vendors, and coordinate with other teams for problem resolution.
• Remains abreast on and evaluates the need for new technologies.
• Perform other related duties as required
IT Security department team management
• Project management
• Strong knowledge of authentication and encryption techniques
• Strong knowledge in hardware/software security implementation
• Strong knowledge in Identity and Access management techniques
• Knowledge in Active Directory (AD) and Single Sign-on (SSO)
• Knowledge of access control on firewalls, URL filtering, audit log reviews, change control, and business continuity.
• Experience managing IDS/IPS and Proxy server technologies
• Strong technical and industry experience
• Knowledge of various communication tools
• The ideal candidate will have extensive knowledge of information security principles, understanding of networks, operating systems, web applications and techniques used by attackers. A thirst for knowledge and the desire to stay abreast of new developments in the dynamic security space is a must.
• Minimum 5 years of experience HIPAA Security and Privacy regulations