Information Security Manager
GFHS | 200 East Second Ave, NC | Full Time
Summary of the position...
The Information Security Officer (ISO) provides the vision and strategies necessary to ensure the confidentiality, integrity, and availability of GFHS’ electronic information by communicating risk to senior administration, creating and maintaining enforceable policies and supporting processes, and ensuring compliance with regulatory requirements. To support these activities, the ISO coordinates activities with other departments, including the evaluation, procurement, and deployment of security-related products, and develops and coordinates information security awareness and education programs. Additionally, the ISO ensures organization-wide disaster recovery and incident response plans are in place.
Minimum Qualifications and required skills...
- Experience in an information security role.
- Solid knowledge of various information security frameworks.
- Excellent problem-solving and analytical skills.
- Ability to educate a non-technical audience about various security measures.
- Effective verbal and written communication skills.
- Excellent time management and problem-solving skills.
- Proficient computer skills in MS Word, Excel, basic keyboard use and e-mail communication.
- Experience with Cloud computing/Elastic computing across virtualized environments.
- Experience managing next-gen antivirus platforms.
- Experience with inventory and deployment tools such as SnipeIT or PDQ.
- Experience with patch management systems in Windows environment.
- Experience managing local and cloud backup solutions.
Our ideal candidate will...
- Creates information security strategies, both short-term and long-range, in support of the organization’s goals.
- Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with the organization’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
- Communicates risks and recommendations to mitigate risks to the senior administration by communicating in non-technical, cost/benefit terms and in a format relevant to senior administrators so decisions can be made to ensure the security of information systems and information entrusted to the Organization.
- Oversees all ongoing activities related to the development, implementation, and maintenance of the Organization’s information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within GFHS and assisting departments in local process and procedure development, ensuring they are not in conflict with organizational policies.
- Assists other departments to ensure regulatory compliance in areas such as the Payment Card Industry – Data Security Standards (PCI-DSS) and the Health Insurance Portability and Accountability Act (HIPAA), serves as the HIPAA Security Officer for the Organization system, and works with HIPAA Privacy Officers to ensure full compliance in securing Protected Health Information (PHI).
- Ensures vulnerabilities are managed by directing periodic vulnerability scans of servers connected to GFHS networks.
- Develops information security awareness training and education programs, works with other Organization entities to present them to faculty, staff, and students, and participates in local, regional, and national awareness and education events, as appropriate.
- Ensures sufficient resources are available and allocated to projects by balancing project funding requirements with the assigned budgets, coordinates and tracks project expenditures to ensure resources are used effectively and within budget, and provides periodic budget reports to the Chief Information Officer.
- Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
- Evaluates security incidents and determines what response, if any, is needed and coordinates Organization responses, including technical incident response teams, when sensitive information is breached.
- Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
- Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.
- Contributes to the overall success of the Organization by performing all other duties and responsibilities as assigned.
- Education: Two-year computer science, information technology or technology-related degree / certificate; four-year degree preferred.
- Experience Required: Minimum 3 years’ experience maintaining and supporting Windows & Linux-based servers, networks and applications; 5 years preferred.
- Professional Licensure: None
- Certification(s): Professional information security certification such as Security+ or Cybersecurity Analyst (CySA+) Certification