Manager - Security Compliance - Greenville, NC

Vidant Health

Full Time



About Vidant Health

Vidant Health, located in eastern North Carolina, is a comprehensive health system that is made up of 8 hospitals that serve 1.4 million people in 29 counties. Vidant Health includes Vidant Medical Center, community hospitals, physician practices and partners that collaborate with Vidant Health to enhance the quality of life of our patients.


Information Services at Vidant Health

Vidant Health offers comprehensive Information Technology (IT) services and infrastructure to support and enable all aspects of organizational operations. Our IT division is anchored by a state-of-the-art data center located in Greenville, NC, which services all information technology needs of Vidant Health facilities. Vidant Health has been recognized as one of the 100 Most Wired healthcare organizations by Hospitals and Health Networks magazine. All Vidant Health owned or leased hospitals are on a common IT platform, including our electronic health record (EHR), which uses Epic's suite of applications. Vidant Health has achieved Meaningful Use Stage 1 recognition and is approaching Stage 7 of the HIMSS Analytics Electronic Medical Records Adoption Model (EMRAM).


The Manager, Security Compliance manages the development, execution and operations of Vidant Health's information security policy, compliance and risk management processes across the health system. The Manager reports to the Director of Information Security and assists in the development, implementation and maintenance of an information security policy, compliance and risk management program. The Manager owns the information security policy management framework that governs security practices system-wide, enabling risk-based control decisions to protect the confidentiality, integrity and availability of electronic protected health information (ePHI). Key activities include oversight of information security risk and compliance assessments; information security policy management; monitoring the latest developments in information security compliance and regulations; deployment of information security training and awareness programs; oversight of the information security controls and risk profiles of third parties, vendors and suppliers; and management reporting of the information security risk and compliance profiles of Vidant Health and its affiliates. This position is graded at the manager level, but the candidate is expected to be a very hands-on, active member of the team, driving objectives forward as much as or more than their team members.

  • Strategic and Tactical IS Support. Demonstrates a commitment to supporting the business needs of Vidant Health by collaborating with business stakeholders in the selection and implementation of new technologies and adaptation of existing systems.
  • Sets the vision and direction of information security policy, compliance and risk management at Vidant Health. Manages the information security policy framework (policies, standards and procedures): gap and capability assessments, the policy refresh cycle, the approval process and risk-based implementation.
  • Defines and manages the information security risk management process: risk taxonomy, scope and approach, risk identification, risk assessment, risk remediation and risk reporting. Aligns third-party security program needs with the information security risk management process.
  • Works with the Vidant Health Office of Audit and Compliance to leverage existing compliance processes and realize efficiencies where possible.
  • Reports to the Director of Information Security on progress, risks, issues and escalations.
  • Develops the annual plan and strategy for the Information Security Policy, Compliance and Risk program.
  • Oversees execution of information security risk assessments across RHCs and supports identification of system-wide remediation strategies versus local, RHC-specific solutions.
  • Develops a library of authoritative requirements for information security, ranging from regulatory requirements to health care provider industry practices (e.g. the HIPAA Security Rule, HITSP, CCHIT, ISO 27001 and ISO 27002). Regularly refreshes information security policy, compliance and risk management capabilities against these authoritative requirements.
  • Participates and consults with business operating units to identify the IS implications of their strategic and operating plans.
  • Identify and recommend opportunities to leverage existing systems and/or new and emerging technologies where appropriate.
  • Contributes to the development of a multiyear roadmap for security, policy, compliance and risk management.
  • Ensures utilization of Vidant's IS project management methodology to improve processes to select, prioritize and implement IS enabled business initiatives so they are delivered on-time, within budget and meet the stated business objectives. Contributes to the ongoing development of Vidant's IS project management methodology.
  • Manages IS resource requirements to ensure appropriate balance between operational and project demands.
  • Resolves resource conflicts to satisfy organizational priorities by reallocating and/or supplementing IS resources.
  • Service Delivery. Demonstrates a commitment to customer service by providing responsive and effective support, developing solid working relationships with end user customers, and delivering high quality, value-added services that exceed customer expectations.
  • Promotes the philosophical direction of Vidant IS in the adoption of IT Service Management (ITSM) by managing team compliance with IS governance and ITSM processes and ensuring ITSM subject matter expertise within the team.
  • Manages day-to-day support of Information Security with other IS Directors and Managers to consistently perform at or better than defined service level commitments. Performs root cause analysis (SBAR) on incidents to identify opportunities to prevent future occurrences.
  • Maintains systems to industry standards and vendor contractual requirements to minimize business disruptions associated with incidents and/or unscheduled downtime. Manages all stages of the system upgrade process, including design, testing, training requirements, procedures, new support requirements, documentation and production turnover.
  • Applies rigorous testing and quality assurance techniques to all system changes and strictly adheres to Change Control processes.
  • Conducts and/or coordinates post-implementation audits to ensure that application systems and technologies are fully and appropriately utilized. In collaboration with business partners, designs and implements system enhancements to meet dynamically changing business requirements and to take advantage of ongoing vendor-supplied system enhancements.
  • Develops and maintains a culture that promotes service excellence and employee empowerment to act in the best interest of IS customers who are directly caring for our patients.
  • Participates in the annual external financial audit of security and controls and annual IS risk assessment across the health system. Participates in internal audits, as appropriate, as identified in the annual audit plan. Develops and implements action plans to address any gaps identified during the audit process.
  • Participates in the development and annual testing of Vidant Health's disaster recovery plan to ensure the plans are current and effective.
  • Talent Management. Demonstrates a commitment to employee professional development by providing opportunities for assuming new and varied responsibilities, training and development, and coaching and mentoring by management and staff.
  • Recruits and develops IS leaders and staff to create a high-performing organization capable of supporting current systems while developing new skills needed to transform the IS organization and leverage next generation technologies.
  • Provides promotional and career development opportunities for IS employees within a system that includes career paths, succession planning, and on-the-job training opportunities.
  • Conducts regular performance appraisals and recommends appropriate personnel actions.
  • Provides effective on-boarding and ongoing coaching, mentoring, and feedback to improve performance, foster personal growth, and let employees know they are valued.
  • Creates a team oriented, professional work environment providing the requisite challenges to retain talented IS professionals.
  • Contributes to the design of recognition systems that reward employees for their contributions.
  • Demonstrates a commitment to personal development by maintaining professional knowledge of current trends and developments in the information technology and health care industries through related seminars, independent study, professional associations, and conferences.
  • Financial Management. Demonstrates a commitment to the effective utilization of IS human and financial resources by developing and monitoring capital and operating budgets and a multiyear financial plan to support the IS Strategic Plan.
  • Identifies opportunities to leverage economies of scale and drive efficiencies to manage overall operating costs balancing business requirements with Vidant Health financial targets.
  • Develops a total cost of ownership (TCO) for all new and replacement systems, securing business commitment to the one-time and ongoing costs and identifying budgetary implications in the current and future fiscal years.

Minimum Requirements

  • Bachelor's degree in healthcare, computer technology, information management or a related field required. Master's degree desirable.
  • 2 years' experience working within the healthcare industry and 2 years' experience with regulatory controls such as the HITECH Act and HIPAA is required.
  • One or more of the following certifications is required:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Security Manager (CISM)
  • HealthCare Information Security and Privacy Practitioner (HCISPP)

Other Information

  • Three to five years of experience in IS audit and compliance, with a strong operational background and a proven track record of accomplishments in Information Services within a large, complex, multi-location organization, is required.
  • A demonstrated track record of implementing and successfully leading (often evidenced through work products) an IS compliance program is strongly preferred.
  • A seasoned professional with health care experience and a deep understanding of health care operations, as well as the current business issues and trends influencing health care providers, is desired.

General Statement

It is the goal of Vidant Health and its entities to employ the most qualified individual who best matches the requirements for the vacant position.

Offers of employment are subject to successful completion of all pre-employment screenings, which may include an occupational health screening, criminal record check, education, reference, and licensure verification.

We value diversity and are proud to be an equal opportunity employer. Decisions of employment are made based on business needs, job requirements and applicant's qualifications without regard to race, color, religion, gender, national origin, disability status, protected veteran status, genetic information and testing, family and medical leave, sexual orientation, gender identity or expression or any other status protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer, or against any individuals who assist or participate in the investigation of any complaint.