The person selected for this role has the option to work from home. Candidate must live in the Northern California Sutter Health Footprint and be available to come on site as needed for meetings, etc.
Responsible for establishing and maintaining the information security program at Sutter Health affiliates, including hands-on execution and day-to-day management of the Affiliate Information Security Program. Is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Enables the organization to achieve its mission of providing world-class health care to its communities and proactively works with business units to evaluate, educate, and implement practices that meet defined policies and standards for information security. Works with affiliate and enterprise leadership to determine acceptable levels of risk for the organization and reports on variance. The ISO maintains a deep knowledge about the business environment and ensures ongoing security controls are maintained.
Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management.
Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM, DLP and workstation administration.
Knowledge and understanding of relevant legal and regulatory requirements including participating in audit teams/process, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Meaningful Use, SSAEC-16 Soc 2 and other industry initiatives and regulations.
Understanding of the business impact of security tools, technologies, and policies.
Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications.
Broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs.
Comprehensive understanding of the compliance and legal requirements for information confidentiality and integrity especially as it relates to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), HIPAA, HITECH, etc.).
Written and verbal communication skills, including the ability to give presentations and translate complex technical concepts and the digital security viewpoint into business and clinician relatable language.
Problem-solving and analytical skills.
Ability to establish and maintain a high level of customer trust and confidence.
Ability to work under stress in emergencies, and the flexibility to handle simultaneous high pressure demands.
Ability to drive through obstacles and deliver computing capability across a broad spectrum of technologies and entities.
Attention to detail.
Ability to prioritize tasks so work is completed in an accurate, timely manner.
Advanced level of competency in Microsoft Office Suite, as well as other relevant software for research and analysis.
Highly self-motivated and self-directed.
Capable of pulling together many disparate facts and observations into one overall plan
Ability to work well in a group setting with a broad range of system experiences
Ability to quickly learn new systems/applications and grasp fundamentals/concepts of systems
Ability to shift gears midstream and move in different direction when needed.
Negotiation and vendor relationship skills.
Skill in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment.
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
Ability to interact with all stakeholders and build relationships at all levels and across all business units and organizations.
Understands business imperatives.
Demonstrated comprehension of infrastructure and systems development.
Demonstrated ability to develop and report on metrics.
Communication, facilitation, writing, and public speaking skills.
This position is work from home eligible.