Overview:
We are seeking an experienced and dedicated Information System Security Officer (ISSO) to join our healthcare organization. The ISSO will be responsible for safeguarding sensitive health information, securing electronic health records (EHR), and ensuring compliance with healthcare-specific regulations such as HIPAA, HITECH, and NIST standards. This role is critical in protecting our systems and data from cyber threats, ensuring patient privacy, and maintaining trust in our care delivery systems.
Key Responsibilities:
1. Policy Development & Implementation
- Develop, implement, and maintain cybersecurity policies, procedures, and standards in alignment with healthcare regulations and industry best practices.
- Ensure alignment of security policies with organizational objectives and legal/regulatory requirements.
2. Risk Assessment & Mitigation
- Identify, assess, and prioritize security risks across IT systems, medical devices, and clinical technologies.
- Design and implement risk mitigation strategies and controls specific to the healthcare environment.
3. Security Monitoring & Incident Response
- Monitor IT systems for unusual activity or security threats, including threats to patient data and clinical systems.
- Investigate and respond to security incidents and breaches, ensuring prompt containment and remediation.
4. Compliance Management
- Ensure full compliance with HIPAA, HITECH, and other healthcare regulations.
- Maintain documentation for audits and regulatory reviews; coordinate with compliance officers and legal teams.
5. Security Awareness & Training
- Develop and deliver cybersecurity awareness training tailored to clinical and administrative staff.
- Promote a culture of security across all levels of the organization.
6. Security Technology Management
- Manage and maintain cybersecurity tools such as endpoint protection, EHR access controls, intrusion detection systems (IDS), data loss prevention (DLP), and SIEM tools.
- Collaborate with IT teams to ensure new technologies and systems are securely configured and compliant from day one.
Required:
- Master's degree in Information Technology, Cybersecurity, or a related field.
- 3–5 years of experience in information security or IT in a healthcare setting.
- In-depth understanding of HIPAA, HITECH, NIST 800-53, and other relevant regulations.
- Hands-on experience with security tools, incident response, and risk management.
- Experience working with electronic health record (EHR) systems (e.g., Epic, Cerner).
Preferred:
- Certifications such as CISSP, CISM, CISA, HCISPP, or CEH.