Carvechi Technology is hiring a Director of Security & IT Support, who will be responsible for developing, implementing and monitoring a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled.
Primary Duties and Responsibilities
• Develops corporate security strategy, security architecture, and security incident response.
• Manages the company security organization, consisting of possible direct and indirect reports, to include hiring, training, staff development, performance management and annual performance review.
• Develops and manages budgets and monitors for variances.
• Works with business units to facilitate IT risk assessment and risk management processes, and works with stakeholders throughout the company on identifying acceptable levels of residual risk. Oversees and conducts periodic security risk assessments in accordance with the HIPAA Security Rule.
• Provides strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Educates IT and Business leaders on appropriate security risk and mitigation strategies and approaches.
Other responsibilities may include:
• Manages security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation.
o Works with business, clinical, and compliance leaders to ensure security programs follow HIPAA Security Rule and other relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
o Develops, maintains and publishes up-to-date security policies, standards and guidelines. Oversees training and dissemination of security policies and practices.
o Evaluates new security threats and healthcare IT trends and develops effective security controls.
o Develops and oversees effective disaster recovery policies and standards to align with company business continuity management program goals. Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
o Evaluates potential security breaches, coordinates response, and recommends corrective actions.
o Other duties as assigned and modified at manager’s discretion.
KNOWLEDGE, SKILLS AND ABILITIES:
• Certified Information System Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Healthcare Privacy & Security (CHPS).
• Current knowledge of federal and state privacy and security laws and regulations, as well as industry best practices.
• Ability to serve as a security resource to all levels including executive management, department staff, and external bodies, such as state agencies.
• Demonstrates competence in the areas of critical thinking and problem solving, interpersonal relationships, and technical skills.
• Fluent in English.
EDUCATION / SPECIALIZED KNOWLEDGE REQUIREMENTS:
• Master’s degree in Information Systems, Business, Computer Science, or related field.
• Five (5) years management experience in Information Technology OR
• Bachelor’s degree in Information Systems, Computer Science or related field with seven (7) years management experience in Information Technology.
• Directly related experience may be considered in lieu of educational requirements.
• Healthcare management experience is preferred.