Summary : Technical individual responsible for executing, and auditing for compliance with, information security policies, and procedures.  Owns technical systems used to maintain appropriate levels of confidentiality, integrity, and security in all information systems.  Advises and works with Security Officer(s) who author policy. 

Essential Duties & Responsibilities :

·          Owns technical implementations that ensure ongoing compliance with information security directives as mandated by HIPAA, EHNAC & other regulatory bodies & accreditations that  must comply with in the future.

·          Provide technical analysis to Security Officer(s) who document the organization’s rationale for it’s security policies and procedures. 

·          Advise Security Officer(s) of significant developments internally and externally where new policies may be needed.

·          Provide regular reports on security, risk assessments and audits to ensure that information systems are adequately protected and meet compliance requirements e.g. HIPAA & EHNAC certification. 

·          Understand and work with technical and non-technical staff, vendors, outside consultants, and other third parties to improve information security within the organization.

·          Ensure that access control, disaster recovery, business continuity, incident response and risk management needs of the organization are properly addressed in a timely manner.

·          Lead the response to contain, investigate, analyze and prevent future computer security breaches.

·          Log security violations/incidents.

·          Mentor I.T. staff in security best practices and procedures that lend to security e.g. Desktop Support, System Administration, Software Development & Support teams.

·          Participate in the design of new and enhancements to existing systems.  Represent security concerns, identify and communicate risks. 

·          Ensure continuous availability of critical network services.

·          Configures, monitors & troubleshoots security devices. 

Qualifications

·          Strong technical skills (see knowledge & experience section)

·          Experienced in the management of both physical and logical information security systems.

·          Outstanding interpersonal, communication, presentation, teamwork and documentation skills.

·          Must possess a high degree of integrity and trust along with the ability to work independently.

·          Ability to weigh business risks and enforce appropriate information security measures.

·          Must be able to pass an extensive background check.

·          Capable of designing and implementing systems that monitor and provide security alerts and appropriate workflows to respond to them. e.g. responding to DDoS and other attacks.

Supervisory Responsibilities : N/A

Knowledge and Experience

·          Network e.g. TCP/IP, LAN/WAN, ports, protocols, Fibre Channel technology

·          Security agents/devices e.g. Firewalls, data loss prevention, content screening, threat defense systems, monitoring and self defending products (IDS/IPS), antivirus

·          Vulnerability assessments / security audits

·          Application and operating system hardening

·          .NET web & application systems

·          Microsoft SQL Server

·          CISSP is a plus but not required.