Job Description

Lovelace Health Systems

Job Title-Information Security Officer

Organizational Relationships:
Reports to the Lovelace Sr. V.P. and Chief Information Officer. Alternately, works closely with the CIGNA information protection team in the development and implementation of information security strategy. Closely works with CIGNA/Lovelace executive management and designated groups in the development and support of information protection policy. Specifically, develops and maintains close working relationships with the CIGNA/Lovelace Compliance Officer, Chief Legal Counsel, Chief Technology Architect, Director of System Development and Director of Advanced Technology. Maintains no direct reports.

Position Overview:

• Under the general direction of the Chief Information Officer, the Information Security Officer (ISO) is responsible for the development and implementation of Information Security Strategy for the organization.
• Responsible for aligning information security activities with business risk priorities through prioritization of security risk and mitigation activities.
• Responsible for the development of information protection policies specific to CIGNA/Lovelace requirements as enhancements to organizational policies
• Responsible for performing an inventory of information assets, maintaining the asset repository, managing the data classification project that includes assignment of business owners and security administrators for the systems and data of the organization.
• Responsible for conducting training and communications plans and programs for CIGNA/Lovelace, which include security awareness programs, security training, and security training compliance.
• Responsible for organizational compliance in accordance with corporate and divisional information security policies, standards and procedures.
• Responsible for the exception process, authorizing and documenting all exceptions, and maintaining a repository of all exceptions for CIGNA/Lovelace.
• Focal point for all information security related audit work (internal & external) for CIGNA/Lovelace. Coordinates with auditors in the execution of these audits.
• Participates in regular corporate security meetings and initiatives.
• Provides support and consulting to the business division while staying current on relevant security regulations, laws, and technologies.
• Responsible for oversight compliance with CIGNA/Lovelace Information Systems compliance with corporate Business Continuity Program.

Education/Experience/Job Specifications

• Bachelor degree in computer science, math, business or accounting is required. Masters degree exposure to health care administration is desired. These requirements may be met through formal coursework or equivalent level of experience.
• A qualified candidate will include 10-12 years of broadly based, progressive experience in information systems environment preferably in a health care setting.
• Multi-institutional health systems or health care consulting experience is preferred.
• Identifies with, shares in, and has a commitment to the basic values of the organization.
• Evidence an understanding of a systems perspective and the interdependence of one unit upon another, and how a change in any one part affects all others.
• Ability to build and sustain collaborative relationships with executive management.
• Ability to build and sustain collaborative relationships with multiple constituencies.
• Ability to translate technical security terminology into terms understandable to diverse groups.
• Ability to operate effectively in an environment of limited direction.