"Alerted.org

+ Remote: Yes

+ Area of Interest: Business Professionals

+ FTE/Hours per pay period: 1.0

+ Department: Information Protection

+ Shift: Monday-Friday, standard business hours

+ Job ID: 177194

Overview

UnityPoint Health is looking for a Regional Information Security Officer (RISO) to oversee the information security program in collaboration with the Chief Information Security Officer (CISO). The RISO will promote enterprise security initiatives, assess and manage risks, and serve as the escalation point for security issues within the region or affiliate. This role involves liaising between business units and System Services to ensure compliance with the UPH Information Security Program. Regular risk assessments and managing mitigation plans are key responsibilities.

Join us at UnityPoint Health to help enhance our information security efforts!

Hours: Monday-Friday, standard business hours

Why UnityPoint Health?

At UnityPoint Health, you matter. We’re proud to be recognized as a Top 150 Place to Work in Healthcare by Becker's Healthcare several years in a row for our commitment to our team members.

Our competitive Total Rewards program offers benefits options that align with your needs and priorities, no matter what life stage you’re in.   Here are just a few:

+ Expect paid time off, parental leave, 401K matching and an employee recognition program .

+ Dental and health insurance, paid holidays, short and long-term disability and more. We even offer pet insurance for your four-legged family members.

+ Early access to earned wages with Daily Pay, tuition reimbursement to help further your career and adoption assistance to help you grow your family .

With a collective goal to champion a culture of belonging where everyone feels valued and respected, we honor the ways people are unique and embrace what brings us together.

And, we believe equipping you with support and development opportunities is a vital part of delivering an exceptional employment experience.

Find a fulfilling career and make a difference with UnityPoint Health.

Responsibilities

Advancement of Information Security Program in Region, Affiliate, or Service Line

+ Support projects to create, implement, manage, and enforce information security directives as mandated by federal, state, and local agencies and to appropriately mitigate information risks

+ Support the development and ongoing management of the information security program for UPH including policies, procedures, guidelines, awareness and training plan, overall security infrastructure, and monitoring

+ Ensure the ongoing integration of information security with business strategies and requirements within the region, affiliate, or service line

+ Ensure access control, disaster recovery, business continuity, incident response, risk management, and other information security best practices, are properly addressed in the region, affiliate or service line

+ Support information security awareness and training initiatives to educate workforce about information risks and how to mitigate them

+ Participate in on-going information risk assessments and audits to ensure that information systems are adequately protected and meet all regulations

+ Work with vendors, outside consultants, and other third parties to improve information security within the organization

+ Monitor the effectiveness of the information security program throughout region, affiliate, or service line and provide regular reports to the local Compliance Committee and the CISO

+ Work closely with the Regional Privacy Officers for ongoing application of technology functionality to protect PHI

+ Stay up-to-date with current and emerging information security threats, reported incidents and new and updated data protection laws and regulations

Customer Service

+ Fulfills the ISO role for the assigned region, affiliate, or service line

+ Advises, communicates, and responds to individuals regarding information security questions

+ and/or concerns

+ Supports the UPH strategic direction and balances it with the specific business and information systems needs of the customers

+ Performs daily monitoring, investigation, and mitigation of security violations

+ Understands system security requirements by business function

+ Communicates with all levels of management and end users concerning the policies, procedures, standards, and guidelines related to information security

+ Ensures that the communication occurs and is appropriate at each level

Information Security Standards, Policies, and Compliance

+ Oversees risk assessment and risk management processes for their assigned region, affiliate, or service line

+ Assists in the investigation, planning, documentation, implementation, maintenance, and testing of incident response, business continuity, emergency operations, and disaster recovery plans and audit controls

+ Assists in the development of an education program that promotes security planning, awareness and training throughout the organization

+ Provides expertise to projects to ensure compliance with UPH policy, security and privacy standards, and state and federal laws and regulations

+ Reports non-adherence and non-conformity to standards and policies to local governing bodies and the CISO

Qualifications

+ Bachelor’s degree is required. Equivalent education and work experience will be accepted only if previous experience applies to specific work in the information protection field

+ At least five (5) years of experience in information security or healthcare regulations

+ Broad understanding of HIPAA compliance regulations, information protection and technology controls, auditing processes, and disaster recovery/contingency planning

+ Excellent communication, planning, and organizational skills

+ Understands computer system functionality, limitations, and architecture of supported applications and platforms