[COMMENT1]                         SPARROW HOSPITAL AND HEALTH SYSTEM

                                              JOB DESCRIPTION

                                                             

1. Job Title:  Data Security Administrator  - Intermediate           2. Date:    May 8, 2001                 

 

3. Corresponding Role Statement:        Executive       Director       Manager       Supervisor                                                   

4. Department #:   8357           Department Name:  Data Security Administration                              

 

5. Class Code:          Pay Grade:               6. Status:     X  Exempt       Non-Exempt

 

7. Reports Directly To (Position): Data Security Manager                                                 

 

 

 

8. Purpose of Job: 

 

Under general supervision, performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Interfaces with user community to understand their security needs and implements procedures to accommodate those needs. Ensures that user community understands and adheres to necessary procedures to maintain security. Conducts accurate evaluations of the level of security required in accordance with Health System policies and federal and state laws. Provides management with status reports. Competent to work on basic security / privacy projects with general supervision/direction.

 

 

9. Principal Duties and Responsibilities (Consistent with the Role Statement):

 

a)       Conduct security incident investigation and documentation under the general direction of the Lead DSA or the Manager of Data Security.

b)       Maintain security policies, procedures and guidelines that are in compliance with Sparrow Health System policies and generally accepted information systems control requirements.

c)       Research, evaluate and recommend security products.

d)       Assist in the implementation and documentation of security software/hardware.

e)       Under general direction, provide consultation to Sparrow departments regarding information security / privacy.

f)        Under general direction, conduct recurring information security risk assessments and training programs. Effectively promote security awareness within the Health System.

g)       Support smaller information technology projects as a team member, lead, or co-lead.

h)       Under general direction, assist departments with the development of appropriate disaster recovery/business resumption plans.

i)         Keep abreast of current and emerging technical information security developments including related federal and state laws and accreditation requirements.

j)         Work with technical/analytical resources to produce detailed reviews and recommendations of security mechanisms applied to Sparrow processes.

k)       Respect and maintain confidentiality of enterprise information including specified security plans and controls.

l)         Perform other information security functions as assigned by the Data Security Administration Manager/Chief Security Officer.

 

 

10. Working Conditions:

 

a)       Office and computer room environment.

b)       Some travel required.

c)       Extensive keyboard usage and exposure to CRT/monitor.

d)       Minimal exposure to latex, less than 10%.

 

11. Positions That Report Directly To This Position:

 

a)       Must develop and maintain effective relationships with technical and departmental staff.

b)       Mentors Associate Data Security Administrators and provides leadership and oversight on small projects.

 

 

12. Knowledge, Skills, Experience Required (Consistent With The Role Statement):

 

a)       Bachelor’s degree or equivalent combination of education and work experience required.

b)       Two or more years of related and progressively more responsible or expansive work experience in applying security and privacy principles in a healthcare setting.

c)       An industry-recognized security-related certification (including CISSP, CISA, CCSA, CCSE, SSCP, GCIH, GCIA, GCFA, GSEC I, GSEC II) or, industry-recognized technical certification (including CNA, CNE, Master CNE, CDE, MCP, MCSE, ACP, CCP, CCNA, CCNP, CCIE, CCDP, CCDA) preferred.

d)       Excellent oral and written communication skills. Ability to plan, design, write, administer and interpret information security policy.

e)       Interpersonal skills at a level to function well in a wide range of administrative and management environments and a strong image of professional discipline.

f)        Highly organized and effective time management skills.  Project management experience required.

 

 

13. Approvals:

 

    Director:                                                                          Date:                                 

 

    Executive:                                                                         Date:                                 

 

    Human Resources:                                                              Date:                                  

 

 

This description is intended to indicate the kinds of activities and levels of work difficulty required for positions with this title and should not be construed as declaring the specific duties and responsibilities of any particular position.  The duties described should not be held to exclude other duties not mentioned that are of similar kind or level of difficulty.

 

 [COMMENT1]PRINT SIZE MAY VARY. 

 

USE TYPEOVER KEY