Information Security Officer
Posting Number: #008-21
Position Title: Information Security Officer
Closing Date: Until Filled
Tracing Health’s Information Security Officer (ISO) is responsible for the development and implementation of policies and procedures to ensure the integrity of electronic Protected Health Information (ePHI) for the program. The ISO will be tasked with assessing and communicating identified risk(s) to program management, as well as staff training – including developing and coordinating HIPAA-compliant security awareness and education programs. This position will also be in support of relevant processes across the Tracing Health program including Information Technology (IT), Data Operations, as well as program implementation efforts across counties in California, Oregon, and Washington states. As the Tracing Health program hosts a remote workforce, the ISO will also be responsible for virtual workplace security and preparation of incident response plans. To thrive in this role, the successful candidate will have a clear understanding of how to establish, manage, and enforce HIPAA-compliant policies and procedures, be an effective communicator eager to take on staff training activities, and have a shared commitment to collaboration needed to work across an expanding program.
Essential Duties & Responsibilities
- Establish, manage, and enforce electronic Protected Health Information (ePHI) controls.
- Provide limited staff training – including developing and coordinating HIPAA-compliant security awareness and education programs.
- Responsible for organizational security awareness.
- Responsible for integrating IT security and HIPAA compliance with program implementation efforts.
- Responsible for the preparation of incident response plans.
- Liaise, coordinate, and collaborate with PHI Central IT.
- Maintain a current, up-to-date, knowledge of federal and state privacy laws and accreditation standards.
- Serve as an experienced resource for all program staff, including for those in program management.
- Able to work independently while also maintaining good communication with supervisor.
- 8 years of relevant experience. Knowledge/experience related to leadership can substitute.
- Experience managing technical resources.
- Direct experience in the specific technical areas of systems administration, applications development, database administration, network operations, and data center operations.
- Experience selecting and implementing security controls within a Windows server and desktop environment.
- Demonstrated track record of maintaining currency with technological trends and available security solutions in the marketplace.
- Experience with information system auditing including computer security reviews, control selection, and evaluation of systems using a risk-based approach.
- Strong interpersonal and communication skills, plus the ability to achieve goals through influence, collaboration, and cooperation.
- Expertise in risk management approaches to assess and address security and other types of Information Technology-related risks.
- Expertise in computer forensic investigation methodology and investigation tools to collect, analyze and preserve electronic evidence.
- Integrity and high standards of personal and professional conduct.
- Strong troubleshooting skills with demonstrated ability to learn new skills quickly.
- Requires strong oral and written communication skills and an ability to effectively communicate technology concepts.
- Reliability, effective follow-through and demonstrated project coordination/management skills in a technical environment.
- Must be reachable via email or cell phone and respond after normal business hours.
- Bachelor’s degree or additional 4 years of related experience (12 total) required.
- Familiarity with health and clinical systems and exposure to healthcare information security practices (HIPAA).
- Certified Information Security Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) preferred.
- Ability to build and maintain positive working relationships with staff and internal/external partners.
- Demonstrated commitment to advancing health equity.
- Ability to work in a fast-moving, ever-changing environment.
- Work with the evaluation team to ensure relevant data are available.
- Must be a resident of California.
- 3 years of management level experience preferred.
- D. degree preferred.
- Experience in a public health setting.
- Proactive approach to asking questions and raising concerns.
- Excellent verbal and written communication skills.
- Excellent interpersonal and conflict resolution skills.
- Excellent organizational skills and attention to detail.
- Ability to act with integrity, professionalism, and confidentiality.
- Demonstrated attention to detail, flexibility, resourcefulness, and creative problem-solving skills.
- This is a part-time (up to 28 hours weekly, or up to 70% FTE) position.
- This is a time-limited position that is funded through December 31, 2021 with the possibility of being extended.
- This is a remote position supporting work in the states of California, Oregon, and Washington.
The Public Health Institute is committed to a policy that provides equal employment opportunities to all employees and applicants for employment without regard to race, color, sex, religion, national origin, ancestry, age, marital status, pregnancy, medical condition including genetic characteristics, physical or mental disability, veteran status, gender identification and expression, sexual orientation, and to make all employment decisions so as to further this principle of equal employment opportunity. To this end, the PHI will not discriminate against any employee or applicant for employment because of race, color, sex, religion, national origin, ancestry, age, marital status, pregnancy, medical condition including genetic characteristics, physical or mental disability, veteran status, gender identification and expression, sexual orientation, and will take affirmative action to ensure that applicants are offered employment and employees are treated during employment without regard to these characteristics.
To apply for any position, you must create an account on the Public Health Institute’s job application site. After creating your account, you may search the open positions and apply for the specific position that interests you. Please note, mailed and emailed applications will not be accepted.
We’re so pleased the Public Health Institute is an organization you would like to work with. Do you have questions about this opportunity? If so, email our recruitment team at Recruitment@phi.org.