[COMMENT1] SPARROW HOSPITAL AND HEALTH SYSTEM
JOB DESCRIPTION
MANAGEMENT
1. Job Title: Data
Security Administrator - Lead 2.
Date: May
8, 2001
3. Corresponding Role Statement: Executive Director Manager Supervisor
4. Department #: 8357 Department
Name: Data Security
Administration
5. Class Code: Pay Grade: .
Status: X Exempt Non-Exempt
7. Reports Directly To (Position): Data Security
Manager
8. Purpose of Job:
Formulates, defines and implements procedures
necessary to ensure the safety of information systems assets and to protect systems
from intentional or inadvertent access or destruction. Devises or modifies systems or procedures to
solve complex problems balancing business needs against potential risks. Interfaces with user community to understand
their security needs and implements procedures to accommodate those needs.
Ensures that user community understands and adheres to necessary procedures to
maintain data security. Conducts accurate evaluation of the level of security
required. Also has duties instructing, directing and overseeing the work of
other Data Security staff members. Leads enterprise-wide security
implementation projects.
9. Principal Duties and Responsibilities (Consistent with the
Role Statement):
a) Participate in the development, communication, and implementation of Information Security Program by assessing current compliance, working collaboratively with staff to develop departmental plans, and develop methods to monitor, report and appropriately respond to deviations.
b) Provide direction to
affiliates in the development and administration of the security and privacy
programs and provide advice on the protection of information assets.
c) Monitor federal and
state laws and accredited bodies regarding health information privacy and
security. Develop or revise plans, policies, and standards to comply with
regulations, (HIPAA, JCAHO, AOA).
d) Assist in the
development and maintenance of disaster recovery/business resumption plans.
e) Work directly with
Information Services staff to incorporate information security requirements
into automated applications and technology during system selection and
implementation.
f)
Routinely
monitor and perform audits to ensure production environments maintain necessary
controls to ensure integrity and accessibility of data.
g) Assist in the development
and maintenance of security incident management procedures to achieve
appropriate, effective and orderly response to security incidents.
h) Perform periodic
analysis of information security violations and problems. Analyze issues and
vulnerabilities related to information security. Investigate improper information disclosures or security
incidents.
i)
Maintain
institutional knowledge of the Health System’s constantly growing information
security requirements and stay abreast of management and technical advances in
information technology and security.
j)
Develop
and maintain security policies, procedures and guidelines that are in
compliance with Sparrow Health System policies and generally accepted
information systems control requirements.
k) Conduct recurring information
security risk assessments and training programs. Effectively promote security
awareness within the Health System.
l)
Keep
abreast of current and emerging technical information security developments.
Research, recommend and implement security tools and measures.
m) Respect and maintain
confidentiality of enterprise information including specified security plans
and controls.
n) Perform other
information system department functions as assigned by the Data Security
Administration Manager /Chief Security Officer.
10. Working Conditions:
a) Office and computer room
environment.
b) Some travel required.
c) Extensive keyboard usage
and exposure to CRT/monitor.
d) Minimal exposure to
latex, less than 10%.
11. Positions That Report Directly To This Position:
a) Must develop and
maintain effective relationship with technical and departmental staff.
b) Mentors fellow data
security administration team members and provides leadership and oversight on
medium to large projects.
12. Knowledge, Skills, Experience Required (Consistent With The
Role Statement):
a) Bachelor’s degree in
Computer Science or other related area.
Masters desirable.
b) Seven or more years of
related and progressively more responsible or expansive work experience in
applying security and privacy principles in a healthcare setting.
c) Certified Information
Systems Security Professional or Certified Information Systems Auditor plus: a
secondary industry-recognized security-related certification (including CISSP,
CISA, CCSA, CCSE, SSCP, GCIH, GCIA, GCFA, GSEC I, GSEC II) or,
industry-recognized technical certification (including CNA, CNE, Master CNE,
CDE, MCP, MCSE, ACP, CCP, CCNA, CCNP, CCIE, CCDP, CCDA).
d) Highly organized and
effective time management skills. Direct Project Management experience
required.
e) Excellent oral and
written communication skills. Ability to plan, design, write, administer and
interpret information security policy.
f)
Interpersonal
skills at a level to function well in a wide range of administrative and
management environments and a strong image of professional discipline.
13. Approvals:
Director: Date:
Executive: Date:
Human Resources: Date:
This description is
intended to indicate the kinds of activities and levels of work difficulty
required for positions with this title and should not be construed as declaring
the specific duties and responsibilities of any particular position. The duties described should not be held to
exclude other duties not mentioned that are of similar kind or level of
difficulty.