Cyber Security Officer

Key responsibilities of the role

Managerial/Administration:

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information are owned, controlled, or processed.

Technical:

• Liaising with management, stakeholders and customers:
• Advise management and users regarding security policies, procedures, and best practice and assist with solutions to support them.
• Raise the profile of security within the organization by being pro-actively involved with stakeholders and customers.
• Ensure that policy compliance is appropriate to the Hospital’s level of risk acceptance.
• Where necessary ensure that processes are documented and communicated in language that is relevant and understandable to international and /or non-technical audiences
• Develop and coordinate information security awareness and education programs.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls, and conducts risk pre-screening reviews and security sign-offs as appropriate for all application development projects.
• Risk management and monitoring:
• Support and deliver security initiatives as needed and be able to demonstrate and track progress to stake-holders.
• Deliver point services such as vulnerability assessments, project risk assessments, vendor assessments.
• Manage security incidents, working closely with the involved stakeholders.
• Review daily reports to provide oversight regarding changes to configurations and/or user changes on the network. Ensure change management procedures are adhered to.
• Hardware and Software procurement:
• Review hardware, software, and services being considered for purchase or implementation by the Hospital to assess security issues (strengths/risks) and assure proper information security features are incorporated to support business needs; provide security requirements to be included in RFPs for software and services.

Quality & Safety:

• Support the development, maintenance and implementation of information systems disaster recovery plans
• Adhere to the policy and procedures to ensure the protection of the facility's IT assets and the integrity, security and privacy of information entrusted to or maintained by the facility

Qualifications, Certifications and Experience:

• Bachelor's degree in computer information systems or equivalent
• CCNA, Security+, CEH, AZ-500, SC-300, SC-200
• CISM, CISSP, SC-600
• 5 years progressive experience specifically in information security of multiple platforms, operating systems, software, and network protocols.
• Experience in the Healthcare industry
• Knowledge of local and international regulations relevant to information security, privacy, and computer crime.
• Knowledge of network security threats and ability to implement preventative controls in-cluding firewalls, access controls, authentication systems, intrusion detection systems, VPNs, and cryptography.
• Knowledge of secure application programming guidelines; system development life cycles and limitations and capabilities of information systems.
• Knowledge of cloud security concepts, technologies, and best practices.
• Knowledge of network operating systems and client-server hardware and software.
• Skills in the use of vulnerability assessment and penetration testing tools with in-depth knowledge of network components such as bridges, routers, concentrators, cabling systems, and Ethernet in switched environments.
• Skill in identifying, analyzing, and mitigating security-related issues.
• Skill in configuring, deploying, and monitoring security infrastructure.
• Ability to develop and interpret standards, policies, and procedures and analyze systems and procedures, write and review standards and procedures, and handle multiple projects.
• Ability to complete project assignments within the allocated time frame, demonstrating patience and meticulousness in the implementation of information security solutions.