Information Security Officer

Sacramento, CA, United States

We are so glad you are interested in joining Sutter Health!

Organization:

SHSO-Sutter Health System Office-Valley

Position Overview:

Responsible for establishing and maintaining the information security program at Sutter Health affiliates, including hands-on execution and day-to-day management of the Affiliate Information Security Program. Is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Enables the organization to achieve its mission of providing world-class health care to its communities and proactively works with business units to evaluate, educate, and implement practices that meet defined policies and standards for information security. Works with affiliate and enterprise leadership to determine acceptable levels of risk for the organization and reports on variance. The ISO maintains a deep knowledge about the business environment and ensures ongoing security controls are maintained.

(Intended for use by SHSO only)

Job Description :

EDUCATION:

Bachelor's: Computer Science, Information Security, Business, Management, Information Technology or related field or equivalent education/experience

CERTIFICATION & LICENSURE: CISSP-Certified Information Systems Security Professional within 1 Year of hire

TYPICAL EXPERIENCE: 12 years recent relevant experience

SKILLS AND KNOWLEDGE: Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management.

Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM, DLP and workstation administration.

Knowledge and understanding of relevant legal and regulatory requirements including participating in audit teams/process, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use, SSAEC-16 Soc 2 and other industry initiatives and regulations.

Understanding of the business impact of security tools, technologies, and policies.

Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications.

Broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs.

Comprehensive understanding of the compliance and legal requirements for information confidentiality and integrity especially as it relates to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), HIPAA, HITECH, etc.).

Written and verbal communication skills, including the ability to give presentations and translate complex technical concepts and the digital security viewpoint into business and clinician relatable language.

Problem-solving and analytical skills.

Ability to establish and maintain a high level of customer trust and confidence.

Ability to work under stress in emergencies, and the flexibility to handle simultaneous high pressure demands.

Ability to drive through obstacles and deliver computing capability across a broad spectrum of technologies and entities.

Attention to detail.

Ability to prioritize tasks so work is completed in an accurate, timely manner.

Advanced level of competency in Microsoft Office Suite, as well as other relevant software for research and analysis.

Highly self-motivated and self-directed.

Capable of pulling together many disparate facts and observations into one overall plan

Ability to work well in a group setting with a broad range of system experiences

Ability to quickly learn new systems/applications and grasp fundamentals/concepts of systems

Ability to shift gears midstream and move in different direction when needed.

Negotiation and vendor relationship skills.

Skill in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment.

High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

Ability to interact with all stakeholders and build relationships at all levels and across all business units and organizations.

Understands business imperatives.

Demonstrated comprehension of infrastructure and systems development.

Demonstrated ability to develop and report on metrics.

Communication, facilitation, writing, and public speaking skills.

PHYSICAL ACTIVITIES AND REQUIREMENTS:

See required physical demands, mental components, visual activities & working conditions at the following link: Job Requirements

Job Shift:

Days

Schedule:

Full Time

Shift Hours:

8

Days of the Week:

Monday - Friday

Weekend Requirements:

As Needed

Benefits:

Yes

Unions:

No

Position Status:

Exempt

Weekly Hours:

40

Employee Status:

Regular

Number of Openings:

1

Sutter Health is an equal opportunity employer EOE/M/F/Disability/Veterans.

Pay Range is $80.57 to $128.91 / hour

The salary range for this role may vary above or below the posted range as determined by location. This range has not been adjusted for any specific geographic differential applicable by area where the position may be filled. Compensation takes into account several factors including but not limited to a candidate's experience, education, skills, licensure and certifications, department equity, training and organizational needs. Base pay is just one piece of the total rewards program offered by Sutter Health. Eligible roles also qualify for a comprehensive benefits package.

#J-18808-Ljbffr