Essential Job Responsibilities/Expectations
- Serves as the organization’s Chief Information Security Officer (CISO).
- Conduct business in compliance with McLeod Health’s Code of Conduct, immediately report violations to the designated authority, and help investigate alleged wrongdoing.
- Interpret applicable federal and state law and regulations to plan audit parameters, determine compliance with such regulations and communicate necessary changes in compliance with regulatory requirements.
- Develop and execute a system-wide compliance audit plan, effective tools, and methodologies to ensure data integrity and compliance with federal and state regulations pertaining to healthcare program requirements for information technology security.
- Ensure McLeod Health is appropriately monitored for IT security compliance.
- Maintain a focus on high-risk areas to determine if appropriate controls are in place to adequately mitigate risks.
- Works collaboratively with others across the organization to help resolve areas of identified security risks.
- Develop an understanding of the operations, systems, processes and procedures used in the areas being audited.
- Conduct security audits, review the results, and devise appropriate recommendations and corrective action plans.
- Manages the performance of subsequent audits to ensure completeness and oversees the execution of corrective action plans.
- Work in conjunction with the HIPAA Privacy Administrator on the successful development, execution, and completion of the annual HIPAA Audit Schedule.
- Evaluates the IT threat landscape and devises cybersecurity policy and controls to reduce risk by conducting auditing and compliance initiatives.
- Contribute to the development of cyber resiliency to rapidly recover from hacking, security incidents or infringements.
- Participate in the development and/or enhancement of an information security management framework.
- Develop and deploy continuous cybersecurity training.
- Recommend appropriate industry standard policies and procedures and advise on content.
- Serves as a security liaison to Network Services.
- Generate periodic reports to the Corporate HIPAA Office on the state of IT security compliance.
Job Requirements
Qualifications/Training:
- Minimum of five years of healthcare auditing experience preferred.
- Be able to demonstrate competence in performing audits, producing reports, formulating remediation or mitigation plans, and conducting follow-up audits.
- Must have project management experience.
- Must have proficiency in MS Office applications.
Licenses/Certifications/Registrations/Education:
- Bachelor's degree in a business-related discipline required.
- Certification in an industry-related discipline preferred.
Physical Requirements: Refer to Occupational Risk Assessment