Job Description
Job Title: Security Manager
General Purpose
Under general supervision, directs the information technology security program.
This includes developing, implementing, and maturing security on all hospital
IT systems in order to centrally manage physical access and access to systems, educate
users about their individual responsibilities, and minimize the possibility of malicious
access. Guidelines include all departmental, hospital, and personnel policies
and procedures. The position requires a high level of technical knowledge in
the area of network, server and workstation security. Responsibilities include assessing risks, implementing
security, changing the culture of the institution through training and education, coordinating
closely with the Health Sciences Center on security issues, compliance, and preparing
and enforcing policies. The position reports to the CIO but, recognizing the network-wide
nature of the responsibility, will frequently be involved with policy development and
systems security analysis throughout the HSC.
Patient care contact: None
Position Accountabilities:
- The delivery of quality service and positive interaction with our customers is critical to the
completion of all the tasks within this job description.
- Participates in the development, documentation, communication, testing, and
periodic review and revision of business continuity and disaster recovery plans.
- Oversee the development of an ongoing education program for
the various constituencies regarding information security including the nature of and
rationale for new policies as they are developed.
- Provide for training on specific security issues for various communities of the
hospital.
- Develop and maintain an IT security policy for the hospital, working with the
appropriate Executive Committees.
- Develop and follow an audit plan for assessing security risks in the hospital and
Medical School units.
- Perform security audits, monitor compliance, and perform risk and vulnerability
assessments of hospital information systems.
- Present audit findings to hospital administration.
- Monitors and assures that policies and procedures related to accuracy, integrity,
confidentiality and security are followed by project team members and departmental
personnel in the implementation and maintenance of information
systems.
- Develop and maintain system agreements with appropriate staff to ensure
confidentiality and security.
- Participate on hospital and HSC committees in regard to system and data security
as necessary.
- Work closely with other information security officers at the University and within the
community.
- Keep hospital management informed of information and security issues and practices
in these sister organizations which may affect the hospital or the HSC.
- When security breaches occur involving systems within the hospital, assist physical
and technical staff in understanding the source of the attack, in assessing and
containing damage and in devising measures that will help protect against such events in the future.
- Form and train incident response units. Maintain a database of intrusions and
incidents, tracking the cost of intrusions.
- Ensure compliance with governmental regulations (HIPAA, FERPA, etc.) and
university policies.
- Maintain security documentation as required for outside regulatory agencies
(JCAHO, HIPAA, etc.).
- Works closely with system, network, physical and PC managers in securing hospital
and patient information.
- Keep abreast of security-related technology, practices and regulations
in the marketplace or from government or other universities.
- Develop and maintain the IT security program for the university hospital, based on
an understanding of current and future technologies and the current state of IS security.
- Develop with administration strategic enterprise-wide plans for security policies,
practices, and technology enhancements.
- Develop a security architecture for the hospital, including hardware and software
components, definition of the network perimeter and a catalog of information
resources and assets.
- Performs other related duties as assigned or requested.
Minimum Education
- B.S. in computer science, electrical engineering, or a related field.
Education may be substituted by six to eight years of experience, of which three
years are specific to developing, implementing and monitoring security systems.
Minimum Experience
- Three years of progressively responsible systems security experience is
required.
Preferred Field-of-Expertise
- Hospital and clinical information systems security.
Working Conditions
- Occasionally subject to irregular hours.
- Occasional pressure due to multiple calls and inquiries.
- Regularly required to be on-call.
- Occasional travel with use of private vehicle required.