Under the leadership of the Chief Compliance Officer and Chief Information Officer, the Information Technology Security Officer (ITSO) will assist in creating and instituting measures to safeguard sensitive information within a computer network. The ITSO will research, help develop, assist with implementing, test and review the organization's information security to protect information and prevent unauthorized access. The ITSO will provide training to end-users relevant to security measures and explain potential threats.
- Responsible for working with appropriate IT staff to gather information to ensure strong security and functioning external barriers such as firewalls and other security measures.
- Assess the impact on system modifications and technological advances.
- Review systems to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
- Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan.
- Ensure all users have the requisite access, authorization, and need-to-know.
- Ensure all users are aware of their security responsibilities before granting access.
- Reports all security-related incidents to Chief Compliance Officer (CCO) and Chief Information Officer (CIO) as appropriate.
- Leads investigations of IT security related incidents.
- Collaborate with appropriate IT staff to address protective or corrective measures when a security incident or vulnerability is discovered with approval of CCO and CIO.
- Develop and maintain Information System Security Plans (ISSP).
- Conduct periodic reviews to ensure compliance with ISSP.
- Ensure Configuration Management (CM) for security-related IT software, hardware, and firmware is maintained and documented.
- Monitor system recovery processes to ensure that security features and procedures are properly restored.
- Ensure all IT security-related documentation is current and accessible to properly authorized users.
- Develops and updates IT security policies in cooperation with CCO and CIO.
- Completes all electronic health record entries accurately and timely pertinent to patient care role.
- Participates in departmental workflow and/or testing teams as related to electronic health record or other project initiatives.
- Ensure proper PPE is worn at all times while on duty, including, but not limited to, face mask, gloves, gown, isolation gown, NIOSH-approved N95 filtering facepiece respirator (or higher, if available), and eye or face shield.
- Complete all donning and doffing tasks in a safe, acceptable manner and dispose of used PPE accordingly (see CDC website for most current updates).
- Complete task training for all routine cleaning and decontamination processes for all surfaces contaminated by a communicable disease to ensure a high level of patient, visitor, employee and external customer satisfaction.
Leadership, Staff Engagement and Development:
- Develop and manage awareness of IT Security/Cybersecurity within TCRHCC.
- Builds effective relationships within the organization, specifically IT and Compliance.
- Works with IT Security Governance Committee to define needs and prepares budgets.
Communication & Collaboration:
- Develop strong working relationships with staff at all levels and departments.
- Collaborate with departments on best practices to ensure general consistency.
- Represents TCRHCC in state and national security initiatives.
- Manage vendor and consultant relationships to ensure conformance to contracts for applications and technology used within the assigned areas of responsibility.
Demonstrate accuracy and thoroughness, and look for ways to improve and promote quality by setting priorities and managing work within the time frame. Plans and carries out assignments independently and resolves problems within the broad framework of established policies, laws, regulations and the concept of sound management principles and practices. Many inquiries require initiative, good judgment, and effective administration to take timely, correct action and to determine whether identified risks are of a nature that is acceptable to TCRHCC policy.
MENTAL AND PHYSICAL EFFORT
The physical and mental demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
Exercises independent judgment in applying the guidelines set forth by organization policy, management directives, activities, and operating procedures, and in reaching appropriate decisions for issues not covered by guidelines. Requires an ability to interpret, adapt and apply compliance practices, policies and procedures to meet the requirements of Federal health care law. Must be able to stand, walk up to 1/3 time and sit, talk or hear, use hands to finger, handle or feel 2/3 time or more; and push/pull, stoop/kneel/crouch or crawl, reach with hands and arms up to 1/3 of the time during a scheduled work shift. Must be able to lift up to 25 lbs. up to ½ time; and up to 50 lbs. up to 1/3 time of a scheduled work shift. Must be able to hear equipment alarms, client calls, and instructions from co-workers. Must be able to distinguish numbers, letters, and colors; and be able to see, hear, and speak with clarity. Must be able to repetitively use hands and do simple/light grasping throughout shift. The working environment is typically controlled and indoors, with rare and occasional outside duties where the environment can be unpredictable.
Must be able to prioritize and use good judgment. Must have critical thinking skills to problem solve and plan, identify and question issues and information in order to make appropriate assumptions, inferences, implications, and decisions. Must be able to communicate with staff, providers, senior leaders, legal counsel, and external entities.
Ensures that periodic risk assessments and ongoing monitoring of key elements of the IT Security program are performed, including privacy notice, consent, authorization, business partner agreements/practices, minimum necessary information, and disclosure; reviews all system-related information security plans throughout the organization's network to ensure alignment between security and privacy practices; and acts as a liaison to the information systems department.
TCRHCC is located within the Navajo Nation and, in accordance with Navajo Nation law, has implemented a Navajo/Indian Preference in Employment Policy. Pursuant to this Policy, applicants who are enrolled members of the Navajo Nation and who meet the necessary qualifications for this position will be given preference in hiring and employment for this position and applicants who are enrolled members of any other tribe who meet the necessary qualifications will be given secondary preference.
In performance of their respective tasks and duties, all employees at TCRHCC are expected to conform to the following:
- Adhere to all professional and ethical behavior standards of the healthcare industry.
- Interact in an honest, trustworthy and dependable manner with patients, employees and vendors.
- Possess cultural awareness and sensitivity.
All employees must uphold all principles of confidentiality and patient care to the fullest extent. This position has access to sensitive information and a breach of these principles may be grounds for immediate termination.
I have read the qualifications and requirements for the position of IS Security Officer. To the best of my knowledge, I believe I can perform these duties.