NYeC is seeking an experienced, energetic, engaging and visionary leader who wants to become part of an exciting, vibrant community of information technology professionals supporting the SHIN-NY mission: to improve healthcare through the exchange of health information whenever and wherever needed.
The SHIN-NY information technology environment is highly distributed and diverse, including the Statewide Hub and eight (8) regional health information organizations known as Qualified Entities (QEs). We are seeking a strong, knowledgeable leader to provide vision, strategy, broad-based planning, and hands-on responsibility as the SHIN-NY Chief Information Security Officer (CISO).
This role will have an impact on:
• Responsible for the strategic leadership of the SHIN-NY’s and NYeC’s overall information security program.
• Provide guidance and counsel to the CEO, CIO and key members of the NYeC leadership team, working closely with NYS DOH, QE leaders, and the SHIN-NY Policy Committee as appropriate in defining objectives for information security.
• Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire SHIN-NY enterprise.
• Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
• Stay abreast of information security issues and regulatory changes affecting health information technology at the state and national level.
• Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
• Establish a strong security and privacy culture for NYeC staff and the SHIN-NY as a whole.
• Perform special projects and other duties as assigned.
Policy, Compliance and Audit
• Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation. Work closely with NYeC Policy Director and Policy Committee as needed.
• Lead efforts to internally assess, evaluate and make recommendations to NYeC CEO and CIO regarding the adequacy of the security controls for the SHIN-NY’s enterprise information technology systems.
• Work with Internal Audit teams, NYS DOH and outside consultants as appropriate on required security assessments and audits.
• Coordinate and track all information technology and security related audits including scope of audits, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective. Provide guidance, evaluation and advocacy on audit responses.
• Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors.
Outreach, Education and Training
• Create education and awareness programs and advise NYeC and QEs on security issues, best practices, and vulnerabilities.
• Work with QE CISOs and other leaders as appropriate to build awareness and a sense of common purpose around security.
• Pursue security initiatives to address unique needs in protecting against identity theft, mobile social media security and online reputation program.
Risk Management and Incident Response
• Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) that includes QE CISOs or other leaders, as needed or requested, in addressing and investigating security incidents that arise.
• Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the SHIN-NY.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies across the SHIN-NY enterprise.
• Examine impacts of new technologies on the SHIN-NY’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
NYeC Technology Services
• Serve on the NYeC HIPAA Committee, ensuring that proper policies and security frameworks exist for NYeC as an organization.
• Oversee the implementation of NYeC security measures to ensure NYeC conformance with state-of-the-art security requirements.
• Recommend acquisition of various hardware and software in order to properly implement privacy and security policies for internal NYeC use.
• Oversee the monitoring and reviewing of computer systems logs and network activities for possible unauthorized intrusion.
• Use a systematic approach for the identification and resolution of complex privacy and security issues.