Manager - Security Architect & Engineering - Greenville, NC

If you are interested in multiple opportunities, you will need to apply for each position separately.

Apply Now

926073

Vidant Health

Full Time

Regular

Summary

About Vidant Health

Vidant Health, located in eastern North Carolina, is a comprehensive health system that is made up of 8 hospitals that serve 1.4 million people in 29 counties. Vidant Health includes Vidant Medical Center, community hospitals, physician practices and partners that collaborate with Vidant Health to enhance the quality of life of our patients.

Information Services at Vidant Health

Vidant Health offers comprehensive Information Technology (IT) services and infrastructure to support and enable all aspects of organizational operations. Our IT division consists of a state-of-the-art data center located in Greenville, NC. The data center services all information technology needs of Vidant Health facilities. All Vidant Health owned or leased hospitals are on a common IT platform, including our electronic health record (EHR) that uses Epic's suite of applications. Vidant Health has achieved Meaningful Use Stage 2 recognition and is also approaching Stage 7 for HIMSS Analytics’ Electronic Medical Records Adoption Model (EMRAM) recognition.

Position Summary

The Manager of Information Security Architecture and Engineering manages the development, execution and operations of Vidant Health´s information Security Architecture and Engineering processes across the health system. This position assists in the development, implementation and maintenance of the information security architecture and engineering program. The manager will be responsible for an information security architecture framework and standards that governs security practices system wide, enabling risk based control decisions to protect the confidentiality, integrity and availability of electronic personal health information PHI. The manager will be responsible for key activities including key oversight of information security engineering and drive implementation of the target security architecture. This position is graded at a manager level, but the candidate is expected to be a very hands on active member of the team helping to drive objectives forward as much, or more, than their team members.

Responsibilities

  • Manage information security architecture gap and capability assessments, refresh cycle, approval process.

  • Define and manage the information security controls and counter measures. Align third party security program needs with information security risk management process.

  • Work with peers in Vidant Health Office of Audit and Compliance and Information Systems to leverage existing compliance processes to realize efficiencies where possible.

  • Work with Manager of Security Operations and Compliance to develop library of authoritative requirements for information security ranging from regulatory requirements to health care provider industry practices e.g. HIPAA Security rules, HITSP, CCHIT, ISO 27001 and 2, etc. . Refresh Information Security policy, compliance, and risk management capabilities based on authoritative requirements regularly.

  • Participates and consults with business operating units to identify the IS implications of their strategic and operating plans. Identify and recommend opportunities to leverage existing systems and/or new and emerging technologies where appropriate.

  • Contributes to the development of a multiyear roadmap for overall Information Security Program. Specific areas of responsibility include security architecture, incident management, forensics and event monitoring.

  • Applies rigorous testing and quality assurance techniques to all system changes and strictly adhere to Change Control processes.

  • Conducts and/or coordinates post implementation audits to ensure that application systems and technologies are fully and appropriately utilized. In collaboration with business partners, design and implement system enhancements to meet dynamically changing business requirements and take advantage of ongoing vendor supplied system enhancements.

  • Participates in the annual external financial audit of security and controls and annual IS risk assessment across the health system. Participates in internal audits, as appropriate, as identified in the annual audit plan. Develops and implements action plans to address any gaps identified during the audit process.

Minimum Requirements

Education

  • Bachelors degree in healthcare, computer technology, information management or related field required. Masters degree desirable

  • 2 years experience working within the Healthcare Industry

  • 2 years experience with regulatory controls such as HITECH Act and HIPAA Laws

  • Certifications such as:

  • Certified Information System Security Professional CISSP
  • Certified Information System Auditor CISA
  • Certified in the Governance of Enterprise IT CGEIT
  • Certified Information Security Manager CISM
  • HealthCare Information Security and Privacy Practitioner HCISPP

Experience

  • Three to five years of experience in IS audit and compliance, with a strong operational background and proven track record of accomplishments in Information Services within a large, complex, multi location organization.

  • Demonstrated track record implementing and successfully leading often through work products an IS compliance program is strongly preferred.

  • Seasoned professional with health care experience that has a deep understanding of health care operations as well as the current business issues and trends influencing health care providers is desired.

General Statement

It is the goal of Vidant Health and its entities to employ the most qualified individual who best matches the requirements for the vacant position.

Offers of employment are subject to successful completion of all pre-employment screenings, which may include an occupational health screening, criminal record check, education, reference, and licensure verification.

We value diversity and are proud to be an equal opportunity employer.   Decisions of employment are made based on business needs, job requirements and applicant’s qualifications without regard to race, color, religion, gender, national origin, disability status, protected veteran status, genetic information and testing, family and medical leave, sexual orientation, gender identity or expression or any other status protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer, or against any individuals who assist or participate in the investigation of any complaint.

Share This: