The Manager of Information Security is responsible for oversight of the development and delivery of a comprehensive information security and program for UofL Physicians. The scope of this program is enterprise-wide and includes information in electronic, print and other formats. The purpose of this program is to assure that the information created, acquired or maintained by UofL Physicians and its authorized users is used in accordance with its intended purpose; to monitor UofL Physicians information ePHI and its infrastructure from external or internal threats; and to assure that UofL Physicians complies with statutory and regulatory requirements regarding information access, security, and privacy.
- Build a strategic and comprehensive information security program that minimizes risk and ensures integrity, confidentiality and availability of ePHI.
- Develop and implement UofL Physicians information security policies, standards and procedures. Work with key Information System offices, data custodians and governance groups in the development of such policies.
- Educate workforce members on standards and procedures related to security of ePHI.
- Serve as the UofL Physicians Information Security Officer with respect to state and federal information security policies and regulations.
- Collaborate with HIPAA-Privacy Officer on compliance issues as necessary to ensure alignment between security and privacy compliance.
- Develop and implement an Incident Reporting and Response system to address UofL Physicians security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
- Serve as the official contact point for information security and copyright infringement incidents, including relationship with law enforcement entities. Prepare and submit required reports to external agencies as necessary.
- Evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to mitigate risk as necessary.
- Develop and implement an ongoing risk assessment program targeting information security matters; recommend methods for vulnerability detection, remediation, and oversee vulnerability testing.
- Keep abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to UofL Physicians and its mission.
- Collaborate with Information Technology as needed for Recovery Planning, Business Downtime Planning and other projects as needed.
- Serve as Information Security consultant to all departments for data security related issues.
- Oversee periodic monitoring and reviewing of audit. This would include logons, file accesses, updates, edits and printing.
- Oversee and audit terminated workforce member systems access.
- Ensure that the organization has audit controls to monitor activity on electronic systems that contain or use ePHI.
- Establish and serve as leader of the Security Compliance Committee as a forum for security-related topics and . Develop action plan recommendations as necessary.
- Ensure that the organization is following mandated HIPAA Security Rule requirements for administrative, technical and physical safeguards.
- Other duties as assigned.
MINIMUM EDUCATION & EXPERIENCE
- Bachelor's degree, required. Advanced degree preferred.
- Minimum five (5) years of experience in information security, information technology or related field.
- Experience in developing and administering an information security program, preferred.
KNOWLEDGE, SKILLS, & ABILITIES
- Excellent project management, written and oral communications skills.
- Ability to work collaboratively with a broad range of constituencies.
- Working knowledge of the policy and regulatory environment of information security, especially in the medical field.
- Service Excellence -- responsive, informs constituents of process, pleasant to work with, educates and provides timely, accurate information
- Presentation -- can speak in front of people to deliver necessary material or messaging
- Interpersonal -- can build effective, strong working relationships with employees, colleagues, management and vendors through trust, communication, and credibility
- Office environment -- office, sitting, computer, walking, lifting etc.