POSITION SUMMARY
Under the leadership of the Chief Compliance Officer and Chief Information Officer, the Information Technology Security Officer (ITSO) will assist in creating and instituting measures to safeguard sensitive information within a computer network. The ITSO will research, help develop, assist with implementation, test and review the organization's information security to protect information and prevent unauthorized access. The ITSO will provide training to end-users relevant to security measures and explain potential threats.
ESSENTIAL FUNCTIONS:
- Responsible for working with appropriate IT staff to gather information to ensure strong security and functioning external barriers such as firewalls and other security measures.
- Assess the impact on system modifications and technological advances.
- Review systems to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
- Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in security plan.
- Ensure all users have the requisite access, authorization, and need-to-know.
- Ensure all users are aware of their security responsibilities before granting access.
- Reports all security-related incidents to Chief Compliance Officer (CCO) and Chief Information Officer (CIO) as appropriate.
- Leads investigations of IT security related incidents.
- Collaborate with appropriate IT staff to address protective or corrective measures when a security incident or vulnerability is discovered with approval of CCO and CIO.
- Develop and maintain Information System Security Plans (ISSP).
- Conduct periodic reviews to ensure compliance with ISSP.
- Ensure Configuration Management (CM) for security-related IT software, hardware, and firmware is maintained and documented.
- Monitor system recovery processes to ensure that security features and procedures are properly restored.
- Ensure all IT security-related documentation is current and accessible to properly authorized users.
- Develops and updates IT security policies in cooperation with CCO and CIO.
- Completes all electronic health record entries accurately and timely pertinent to patient care role.
- Participates in departmental workflow and/or testing teams as related to electronic health record or other project initiatives.
- Ensure proper PPE is worn at all times while on duty, including but not limited to face mask, gloves, gown, isolation gown, NIOSH-approved N95 filtering facepiece respirator or higher (if available), and eye or face shield.
- Complete all donning and doffing tasks in a safe, acceptable method and dispose of used PPE accordingly (see CDC website for most current updates).
- Complete task training for all routine cleaning and decontamination processes for all surfaces contaminated by a communicable disease to ensure a high level of patient, visitor, employee and external customer satisfaction.
Leadership, Staff Engagement and Development:
- Develop and manage awareness of IT Security/Cybersecurity within TCRHCC.
- Builds effective relationships within the organization, specifically IT and Compliance.
- Works with IT Security Governance Committee to define needs and prepares budgets.
Communication & Collaboration:
- Develop strong working relationships with staff at all levels and departments.
- Collaborate best practices with departments to ensure general consistencies.
- Represents TCRHCC in state and national security initiatives.
Administrative:
- Manage vendor and consultant relationships to ensure conformance to contracts for applications and technology used within the assigned areas of responsibility.
MENTAL AND PHYSICAL EFFORT
The physical and mental demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
Physical:
Exercises independent judgment in applying the guidelines set forth by organization policy, management directives, activities, and operating procedures, and in reaching appropriate decisions for issues not covered by guidelines. Requires an ability to interpret, adapt and apply compliance practices, policies and procedures to meet the requirements of Federal health care law. Must be able to stand, walk up to 1/3 time and sit, talk or hear, use hands to finger, handle or feel 2/3 time or more; and push/pull, stoop/kneel/crouch or crawl, reach with hands and arms up to 1/3 of the time during a scheduled work shift. Must be able to lift up to 25 lbs. up to ½ time; and up to 50 lbs. up to 1/3 time of a scheduled work shift. Must be able to hear equipment alarms, client calls, and instructions from co-workers. Must be able to distinguish numbers, letters, and colors; and be able to see, hear, and speak with clarity. Must be able to repetitively use hands and do simple/light grasping throughout shift. The working environment is typically controlled and inside, with rare and occasional outside duties where the environment can be unpredictable.
Mental:
Must be able to prioritize and use good judgment. Must have critical thinking skills to problem solve and plan, identify and question issues and information in order to make appropriate assumptions, inferences, implications, and decisions. Must be able to communicate with staff, providers, senior leaders, legal counsel, and external entities.