The Health Sciences Center (HSC) Information Security Officer (ISO) oversees IT security activities in the UNM HSC, which includes the Health System. These activities concern the confidentiality, integrity, and availability of patient, provider, employee, student, and business information, in compliance with UNM HSC policies and procedures as well as Federal and State statutory and regulatory requirements. This position reports directly to the HSC Chief Information Officer (CIO) and participates in overall IT governance decision-making for the entire HSC. The HSC ISO serves as the HSC HIPAA Security Officer to lead and participate in the interpretation and implementation of HIPAA security regulations; monitors and ensures organizational compliance with Federal and State laws, regulations and standards.
With guidance from HSC IT leadership, the HSC Privacy Officer and HSC Chief Compliance Officer (CCO), the HSC ISO leads the HSC information security program which includes: ongoing risk assessment and mitigation; development and implementation of IT security-related policies, procedures, and standards; workforce education; and establishment of administrative, technical and physical controls. Also responsible for regular IT security risk and status reports to the Executive Compliance Committee and the CCO. With oversight from HSC IT security stakeholders, works with IT leadership to prioritize security initiatives designed to evaluate and mitigate risk and design a cost-effective HSC IT security program; plans and implements strategic initiatives.
The ISO's technical background in the management of physical, virtual and logical information security systems, technologies and applications will help them weigh business risks and enforce appropriate information security measures. The incumbent should possess expertise in various encryption techniques and their proper utilization.
The UNM HSC has earned a national and international reputation for its integrated education, patient care, research, and partnership initiatives which address the unique healthcare needs of New Mexico's urban and rural populations (http://hsc.unm.edu).
See the Position Description for additional information.
Conditions of Employment:
- Must pass a pre-employment criminal background check.
- Employees in this job title are subject to the terms and conditions of an employment contract. Employment contracts are typically subject to review and renewal on an annual basis.
Health Sciences Center (HSC) - Albuquerque, NM
This is a benefits-eligible position. The University of New Mexico provides a comprehensive package of benefits including medical, dental, vision, and life insurance. In addition, UNM offers educational benefits through the tuition remission and dependent education programs. See the Benefits home page for more information.
The following documents are required with your application to be considered for the position:
- Resume
- Cover letter
- Complete UNM Application
- Writing sample (formal or informal IT policy, procedure, standard and/or guideline, no longer than 3-4 pages)
- Transcripts or other records for any relevant IT security certifications or training
Minimum Qualifications: Bachelor's degree; at least 8 years of experience directly related to the duties and responsibilities specified.
Completed degree(s) from an accredited institution that are above the minimum education requirement may be substituted for experience on a year-for-year basis.
Preferred Qualifications:
- Experience negotiating, writing, reviewing and updating information security policies, procedures, guidelines and standards covering multiple agencies and departments
- Experience analyzing security reviews and assessments specific to the healthcare industry
- Knowledge of business impact assessment and risk analysis methodologies
- Knowledge of cybersecurity frameworks, particularly the NIST Cybersecurity Framework
- Knowledge of data use agreements and data transfer procedures relevant to HIPAA and FERPA data
- Technically oriented IT security training, credentials or certifications (e.g., HCISPP, CISSP, CPHIMS, or similar certifications and coursework)
Contact Us: firstname.lastname@example.org