Halifax Health is seeking a Manager for the IT - Security Department.
The Manager of IT Security and Risk is responsible for assessing the IT Security risk of the information, networks, devices, medical equipment and other IT assets at Halifax Health (HH) for protection of ePHI and ePII data, intrusion, malware, and Ransomware. This position will supervise IT Security Risk management staff, and work closely with the CIO, Director of Technical Services, IT teams, Internal Audit, Compliance, all Halifax team members and other parties with access to the network and critical information (vendors, contractors, physicians, physician offices, etc.).
The Manager will oversee projects and implementations of IT security tools, software, hardware, technologies, policy, procedures and educational awareness programs. The Manager reviews all contracts and performs risk assessments and technical reviews on existing, upgraded or new technologies, devices, applications, services, medical devices and information systems. The Manager is responsible for maintaining a level of knowledge about new threats and vulnerabilities and communicating the impact to the organization. Evaluation may include convening a Security Incident Response Team (SIRT). This manager will lead SIRTs and follow up on all action items to mitigate risks. The Manager will work with Penetration Testers, Risk Assessors and External Auditors to coordinate activities (if relevant) mitigate issues found and coordinate follow up testing. The Manager evaluates requests for elevated access to systems, devices and network access for approval. Responsible for maintaining the Risk Assessment, related policies and procedures in preparation for random Office for Civil Rights (OCR) HIPAA audit.
- Bachelor's Degree in Computer Science or related technology field required. Advanced degree preferred.
- Requires ten years of relevant computer systems experience, preferably to include three years of experience in an information security position and/or three years in a technology role. Healthcare industry experience a plus.
- Understanding of IT Security technologies, tools and hardware.
- Knowledgeable of ransomware, malware, vulnerabilities and exploits that could affect Halifax software, devices, medical devices or network.
- Thorough understanding of HIPAA Security IT Security standards.
- Understanding of NIST Risk Assessment methodology and critical security controls as they related to Halifax.
- Understanding project management methodologies.
- Understanding of identity management, intrusion detection, user provisioning, patch management, and data backup and recovery concepts.
- Knowledge of Microsoft Active Directory.
- Knowledge of cybersecurity tools, technologies and implementation methodologies.
- Knowledge of hospital operations and related cybersecurity needs of the organization.
- Advanced computer skills utilizing MS Office, MS Excel, MS Exchange/Outlook and project management tools.
- Ability to listen to others and flexibility to change course as new information is gathered on vulnerabilities and mitigations.
- Excellent communication and customer service skills. The ability to work effectively within a team and demonstrate leadership.
- Ability to deliver clear, concise presentations to communicate IT concepts to both IT professionals and departmental staff.
- Ability to adapt to an environment where priorities and strategies change on a regular basis. Must be able to remain calm during chaos.
Recognized as one of the 50 Top Cardiovascular Hospitals™ in the United States by IBM Watson Health™, Halifax Health serves Volusia and Flagler counties, providing a continuum of health care services through a network of organizations including a tertiary hospital, two community hospitals, urgent care clinics, psychiatric services, a cancer treatment center with five outreach locations, the area’s largest hospice, a center for inpatient rehabilitation, outpatient rehabilitation clinics, primary care walk-in clinics, a clinic specializing in women’s health, a pediatric care community clinic, five pediatric medical practices, a home health care agency and an exclusive provider organization. Halifax Health offers the area’s only Level II Trauma Center, Thrombectomy-Capable Stroke Center (TSC), Center for Transplant Services, Pediatric Intensive Care Unit, Child and Adolescent Behavioral Services, complete Neurosurgical Services, OB Emergency Department and Level III Neonatal Intensive Care Unit that cares for babies born earlier than 28 weeks. For more information, visit halifaxhealth.org.