Core Responsibilities:

The Information Security Officer (ISO) is responsible for the development and delivery of a comprehensive information security and privacy program for the Downstate Medical Center (DMC). The Officer coordinates the development of DMC information security policies, processes, standards and procedures and works with key IT managers, data custodians and governance groups in the development of such policies. The ISO is responsible for managing risks related to information security, business continuity planning, crisis management, privacy, and compliance.

Responsibilities include the following:

- Ensure all staff members are trained on SUNY DMC and governmental security requirements and promote cyber security awareness programs across the organization.
- Ensure that DMC policies support compliance with external regulatory requirements. Manage the dissemination of policies, standards and procedures to the DMC community.
- Work with the campus-designated FERPA, Records Access and HIPAA-privacy Officers on compliance issues as necessary. Prepare and submit required reports to external agencies. Report any security breaches to all internal and external regulatory agencies and respond to third party inquiries.
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and conduct vulnerability testing. This includes conducting and implementing required security measures to meet the ARRA meaningful use standard for the institution.
- Develop plans to safeguard computer files and confidential information against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.
- Monitor current reports of computer viruses to determine when to update virus protection systems.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Coordinate implementation of information security solutions and controls with both internal and external resources.
- Protect the system by defining access privileges, control structures, and resources.
- Determine security violations and inefficiencies by conducting periodic audits.
- Upgrade the system by implementing and maintaining security controls.
- Enforce SUNY DMC security guidelines and take part in implementing the business continuity and disaster recovery environment for all IT systems/applications.
- Report information security performance against established security metrics, and prepare management reports recapping and trending various categories of security issues and highlighting remediation activities.
- Produce quarterly and year-to-date reports identifying threats and risks.
- Develop remediation plans and facilitate implementation to reduce future risk of security breaches, data loss and operational disruption.

Core Requirements:

- A Bachelor's or Master's Degree in Computer Science or related field of study.
- Qualified candidate must possess a minimum of 3-5 years of information security experience, preferably in a healthcare environment.
- Knowledge of national and international regulatory compliance requirements and frameworks such as HIPAA, ISO, NIST, SOX, GDPR, and PCI DSS.
- Excellent project management, written and oral communication skills desired.
- Ability to work collaboratively with a broad range of constituencies is essential.
- Strong problem solving and analytical skills.

DUTIES AND RESPONSIBILITIES ARE NOT LIMITED TO THE ABOVE POSITION DESCRIPTION

All successful candidates must undergo various background checks, maintain credentials required for continued employment and adhere to the SUNY-DMC UHB Principles of Behavior. Clinical Faculty and Allied Health professionals must receive and maintain Medical Board authorization.

SUNY Downstate Medical Center offers a competitive salary and benefits package.

SUNY Downstate Medical Center is an affirmative action, equal opportunity employer and does not discriminate on the basis of race, color, national origin, religion, creed, age, disability, sex, gender identity, sexual orientation, familial status, pregnancy, predisposing genetic characteristics, military status, domestic violence victim status or criminal conviction.