Associate Director of IT SecurityVNS
PURPOSE OF POSITION
Responsible for developing and managing VNS information technology security standards, best practices, policies and procedures to ensure proper data and information security across the Agency and in exchange of data with entities outside VNS (as required under HIPAA security rule). Responsible for the evaluation, selection, and/or approval of security applications and systems. Designs and develops appropriate IT security solutions and practices for new business initiatives. Oversees (direct or dotted line) staff that maintains IT security. Advises IS staff and management throughout VNSNY on IT security. Fosters appreciation, among business and clinical leaders of the importance of information security in achieving their goals, and in adhering to information security standards and practices. Works under general direction.
RESPONSIBILITIES
Sets strategic direction and priorities for IS activities and projects, ensuring IT security within IS and throughout VNSNY. Remains current with continual development of information security threats in the world at large, security software and systems as they become available in the market, and the security implications of new technologies and applications being considered throughout VNSNY.Supports initiatives to exchange data electronically between VNS and external entities (e.g. Regional Health Information Organizations (RHIO's), insurers, hospitals, physicians, patients, patients' designees, etc.) by developing appropriate solutions and standards to control security risks while promoting business and clinical functions. Evaluates IT Security requirements and architects, designs, and ensures the development and implementation of solutions in collaboration with VNS project teams and external entities. Coordinates with the VNS Privacy Officer and Legal Department to ensure that these solutions meet regulatory and policy requirements.Represents VNSNY in discussions with groups outside of VNSNY regarding information security. Prepares and delivers presentations as appropriate in external conferences. Prepares and delivers presentations on information security to VNSNY senior management and the Board of Directors.Implements processes and methods for addressing non-compliance to information security standards; facilitates migration of non-compliant environments to compliant environments. Responsible for the evaluation and selection of security applications and systems.Conducts audits within and outside IS to ensure compliance with standards and maintain currency with industry norms. Assists internal and external auditors in conducting security reviews, receives and reviews their findings and recommendations, and adopts and implements actionable solutions.Represents the security needs of IS by providing security expertise and assistance for all IS projects. Manages and participates in the planning and implementation of security administration for all IS projects. Provides recommendations and assists in the implementation of changes to work methods and procedures to ensure strong and effective security measures. Develops security policies and procedures in areas such as user log-on and authentication rules, security breach escalation procedures, use of firewalls and encryption routines, etc. and ensures compliance. Provides direct management and back-up support of Information Security Technical Specialist in configuring and maintaining firewall security and providing access control to Internet sites. Ensures ongoing coordination between the Information Security Tech Specialist and the Telecom group in IS. Provides dotted-line oversight and mentoring of IS staff who configure and maintain security access at the network, VPN, operating system, database, application, and hardware level.Enforces security policies and procedures by administering and monitoring data security profiles, reviewing security violation reports and investigating possible security exceptions. Updates, maintains and documents security controls. Prepares status reports on various security matters or issues. Participates in the evaluation of products and/or procedures to enhance productivity and effectiveness. Key participant in evaluating and selecting software that impacts security such as anti-spam and anti-spy ware software, and user authentication and context management software. Provides support to business and IS staff for security related issues or projects. Actively integrates their work into VNSNY IT security standards, including standardization of user authentication (user ID and password) where possible. Contributes to architecture and design of information systems to ensure maintenance of information security. Provides guidance and mentoring to Applications and Infrastructure staff. Promotes the importance of information security to senior managers in relation to their clinical and business objectives. Educates/provides training to business and clinical staff regarding security policies and procedures, and consults on security issues regarding user built/managed systems. Strikes appropriate balance in facilitating business/clinical function and security. Exhibits deep service commitment to customers in responding promptly to client requests and requirements. Evaluates security implications and sets security standards for emerging and expanding technologies such as web-based applications and mobile computing. Performs all duties inherent in a managerial role. Ensures effective staff training, evaluates staff performance, provides input for the development of the department budget. Assists with hiring, promoting, terminating staff and recommending salary actions, as appropriate.Participates in special projects and performs other related duties as required.
COMPETENCIES
Accountable/Results OrientedAdaptability/FlexibilityBusiness AcumenCommunications Initiative/InnovationPlanning & Problem SolvingTeamwork & CollaborationChange ManagementProject ManagementStrategic Management
QUALIFICATIONS
Education: Bachelors degree in Computer Science or related discipline OR equivalent related work experience required. Certified in CISSP or equivalent preferred. Experience: Minimum of seven years experience in Information Systems, including proficiency with one or more of the following: systems security, applications programming, systems architecture, working knowledge of available systems alternatives and technology, or an equivalent combination in education and work experience required. Minimum of three years experience specializing in information systems security required. Excellent analytical, consultative, and communication skills in order to interact with both technical and non-technical managers and staff. Strong judgment and the ability to work effectively with clients, IT management, and staff required. Proficient knowledge and understanding of business processes and systems development process required. Thorough understanding of information security requirements of HIPAA and/or Sarbanes-Oxley required. Applicants should send resume and cover letter to Kent.Draper@vnsny.org