MAIN FUNCTION:
The role is to manage the Governance, Risk, and Compliance (GRC) component of Arnot Health’s Information Security Program.
This position will ensure that Arnot Health's Information Security Program maintains its high standards and mitigates risk to the organization by managing program components such as information security policies and procedures, training and awareness, vendor and third-party risk management, and program compliance management.
This role works collaboratively with the technical members of the Information Security Team and with leadership across all Arnot Health departments to build awareness of, and implement, security controls.
This position reports to the Chief Information Security Officer.
DUTIES AND RESPONSIBILITIES:
1. Manage the GRC component of Arnot Health's Information Security Program.
2. Maintain a thorough understanding of Arnot Health's Information Security Program and its information security controls in support of HIPAA/HITECH, NIST, PCI, GLBA, and other applicable information security regulations and frameworks.
3. Develop, update, communicate, and manage information security policies and procedures, ensuring that they align with business goals, effectively manage risk, and comply with all applicable regulations and information security best practices.
4. Monitor and audit information security controls to ensure they are implemented consistently and effectively, in compliance with Arnot Health's policies and procedures.
5. Develop, manage, and monitor the information security training and awareness program to strengthen the organization's culture of security. Frequently assess changes in organizational risk and industry trends and adjust training and awareness campaigns accordingly.
6. Assess, mitigate, and manage information security risks from vendors and other third parties with access to Arnot Health's systems and/or confidential information.
7. Develop, monitor, and manage Information Security Program metrics and key performance indicators (KPIs) to assess the effectiveness of the program.
8. Collaborate across organizational departments, fostering engagement and building relationships, while acting as an advisor on the implementation of applicable information security controls. Escalate risks identified during process analysis as necessary.
9. Partner with the Chief Information Security Officer and the ITS Security Manager and Architect in periodic internal and external security risk assessments.
10. Maintain up-to-date industry knowledge and provide suggestions for continual program improvement.
11. Attend all annual mandatory educational programs as required by the position.
12. Understand and demonstrate the importance of satisfying the needs of the customer/patient by interacting with them in a friendly and caring way, being attentive to their psychological and physical needs, and taking the initiative to maintain communication with them in order to provide a secure and pleasant experience with the Medical Center.
13. This list describes typical duties for the classification and is not to be considered inclusive of all duties that may be assigned.
EDUCATION:
Bachelor's degree in Information Systems, Cybersecurity, or a related field is required.
In lieu of a degree, an Associate's degree or a professional certification in cybersecurity, combined with specific industry experience, may be considered at the discretion of the hiring manager.
EXPERIENCE:
A minimum of 5 years of relevant work experience required.
Experience with IT/security governance, risk, and compliance management is preferred.
SPECIAL SKILLS, KNOWLEDGE AND ABILITIES DESIRED:
· Ability to provide sound and reliable judgment, take initiative, and accomplish tasks with minimal supervision in complex situations.
· Excellent verbal and written communication skills.
· Ability to work in a team-oriented, collaborative environment.
· Strong problem-solving and analytical skills.
· Ability to communicate with all levels of the organization in a manner that is supportive, timely, and understandable.
PHYSICAL DEMANDS:
Routine office job that requires sitting for extended periods of time.
Ability to frequently lift up to 10 lbs. and occasionally lift up to 20 lbs.
EXPOSURE CATEGORY:
Category III: tasks that involve no exposure to blood, body fluids, or tissues.
Category I tasks are not a condition of employment.
A.D.A. Essential Functions