Job Description:
Job Title: Enterprise Information Security
Work Location: Sioux City, Iowa
Duration: Full Time, Permanent
Interview Mode: Telephone/Skype and In-Person

Position Purpose:
Provides oversight of the information systems security operations and initiatives in an assigned RHM within the Trinity Health organization. The Information Security Manager implements system standards and reduces local variation at a Regional Health Ministry.

Works under the leadership of the Director – RHM Information Security to develop recommendations for operations leadership, and implements and maintains Trinity Health’s approach to information security in an effective and efficient manner that is both balanced and consistent with the mission, values, and operating goals of Trinity Health.

Assists and supports the Director – RHM Information Security in ensuring all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements. Performs risk analysis on new projects, security exceptions, and audit issues.

Provides governance responsibilities over the security operations of outsourcer vendor(s), infrastructure Third Party Partners (TPP) and Cloud service providers.

Acts as an advocate and resource on information security for various Regional Health Ministry areas and/or system-wide initiatives (EMR, patient satisfaction surveys, etc.). Assists business owners of various information resources in fully addressing security issues.

Preferred additional skills/certifications:
1. Certified Information Systems Security Professional (CISSP)
2. Certified Information Systems Auditor (CISA)
3. Certified Information Security Manager (CISM)
4. Cyber Security Forensic Certification (CSI)
5. Certified Ethical Hacker (CEH)
6. CompTIA Security+
7. The Offensive Security Certified Professional (OSCP)
8. Global Information Assurance Certification (GIAC)

ESSENTIAL FUNCTIONS
1. Knows, understands, incorporates and demonstrates the Trinity Health Mission, Vision and Values in behaviors, practices and decisions.
2. Functions as the primary contact for Information Security in a RHM.
3. Advises TIS and Regional Health Ministry (RHM) leadership on enterprise security strategy, security architecture, and security design work; works with business stakeholders to define Information Security processes.
4. Works collaboratively with the Senior Security Managers and the Security Officers to standardize information security industry best practices.
5. Represents the Director – RHM Information Security, when applicable, on Information Security matters and serves as Information Security liaison with RHM Privacy Officials.
6. Reports regularly to the RHM’s senior management regarding the status of compliance and mitigation of information security issues identified. Participates in site-specific meetings.
7. Participates in the development and promotion of Information Security information for general awareness.
8. Develops and implements RHM-specific security policies, procedures, and processes. (Policies and standards will be consistent with Trinity Health policies and standards and national regulations.)
9. Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives.
10. Conducts security risk assessments and the identification and mitigation of vulnerabilities.
11. Performs assessments of vulnerabilities, security alerts, controls, and threats to define the risk landscape.
12. Develops and proposes strategies and plans to mitigate identified risks.
13. Recommends and obtains approval for Security Exceptions with emphasis on least cost with minimum risks.
14. Responds to audit points and tracks to resolution.
15. Develops and provides oversight of the user access control systems by providing controls, processes, and procedures to prevent unauthorized access, modification, disclosure, or destruction of Trinity Health information.
16. Establishes and administers processes to positively identify all users, devices, applications and services prior to being able to use any Trinity Health application or system.
17. Provides oversight and assistance in the resolution of reported security incidents.
18. Coordinates activity with the RHM Security Official and Privacy Official, where applicable. Interfaces with Legal in response to inquiries from governmental agencies (i.e., the Office for Civil Rights (OCR) and others), Joint Commission, Legal Services Group (LSG), MBO and CHI management relative to any compliance reviews or investigations within assigned region.
19. Maintains a working knowledge of applicable Federal, State and local laws and regulations, Trinity Health Corporate Integrity Program, Code of Ethics, as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical and professional behavior.
20. Other duties as assigned.

MINIMUM QUALIFICATIONS
1. Bachelor’s degree or an equivalent combination of education and experience.
2. Minimum of five (5) years of progressive experience in information services including three (3) years in information security, including experience in compliance with federal and state security regulations.
3. Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA) or Certified Information Systems Auditor (CISA), preferred. May substitute an equivalent combination of education and experience.
4. Must possess a good understanding of enterprise security best practices relating to implementing and managing enterprise security solutions.
5. Strong knowledge of HIPAA, ISO 27001/2, FISMA, FIPS, and NIST security.
6. Ability to apply advanced technical knowledge and analytical skills within information security using diverse technologies in a complex security environment.
7. Must be team oriented, supportive, and committed to excellence and possess high level of initiative and self-motivation with demonstrated work ethic.
8. Must be committed to continual personal and professional growth, possess a pro-active approach with a willingness to “go the extra mile” every time for the customer.
9. Ability to work independently, manage multiple priorities and to effectively adapt to rapidly changing technology and business needs with demonstrated ability to prioritize projects and work load.
10. A personal presence which is characterized by a sense of honesty, integrity and caring with the ability to inspire and motivate others to promote the philosophy, mission, vision, goals and values of Trinity Health.

Diversity and Inclusion
Company employs more than 120,000 colleagues at dozens of hospitals and hundreds of health centers in 21 states. Because we serve diverse populations, our colleagues are trained to recognize the cultural beliefs, values, traditions, language preferences, and health practices of the communities that we serve and to apply that knowledge to produce positive health outcomes. We also recognize that each of us has a different way of thinking and perceiving our world and that these differences often lead to innovative solutions.
Trinity Health’s Commitment to Diversity and Inclusion
Trinity Health’s dedication to diversity includes a unified workforce (through training and education, recruitment, retention and development), commitment and accountability, communication, community partnerships, and supplier diversity.