Cybersecurity, IT Compliance, Information Security
4 Year Degree/Bachelor Degree
The Information Security Officer is responsible for the design, oversight, and ongoing management of the information security program, including policies, procedures, technical systems, and workforce training in order to maintain the confidentiality, integrity, and availability of data within all of Company’s Information Systems.
If, in the opinion of the Information Security Officer, information security policies and procedures are not being followed or information security concerns are not being adequately addressed, the Information Security Officer shall convey that information to the most appropriate individual, in his or her opinion, including the Vice President, Information Technology; the Chief Compliance Officer; the General Counsel; or the President/CEO.
Outline of Responsibilities
The Information Security Officer will:
Draft, implement, manage, and enforce security policies and procedures related to PHI.
Ensure the ongoing integration of information security with business strategies and privacy requirements.
Work with the Privacy Officer and the Vice President, Information Technology to ensure technology is applied effectively on an ongoing basis to protect regulated data.
In concert with the Privacy Officer, lead information security awareness and training initiatives to educate the workforce about policies, procedures, and information risks.
Manage internal and third-party security risk assessment processes and remediation, including creation of the risk remediation plan.
Manage gap analyses and prioritization of gap closure. Respond to risk assessments of members and other participants:
Identify process improvements
Update standard answers to questions posed by participants
Review security surveys including SOC Reports from Vendors
Create an information security risk mitigation plan based on risk assessments with input from the Privacy Officer, Vice President, Information Technology and other relevant staff.
Perform ongoing security audits to assess effectiveness of policies, procedures, and Information Systems security safeguards.
Make recommendations to the Vice President, Information Technology regarding the ongoing integration of information security with business strategies and privacy requirements.
Work with vendors, outside consultants, business associates, and other third parties to improve information security practices.
Lead the security incident response team in prevention, investigation, mitigation, and reporting activities.
Work with Human Resources to ensure appropriate sanctions for violations of information security policies.
Develop budgets related to the information security program. Recommend system enhancements via capital and operating budget planning to keep pace with privacy and security technology advances.
Collaborate with VP of Information Technology on the prioritization of information system maintenance activities (whether completed by members of your workforce or vendors).
Ensure that vendors comply with contractual obligations related to information security.
Support continuity planning. Conduct business impact analysis and manage the remediation of issues identified. Conduct annual disaster recovery testing and adopt a remediation plan.
Support plans for emergency mode of operations (including access to regulated information).
Support information and information system recovery and resumption of routine practice operation after an emergency. Coordinate the improvement and implementation of the Emergency Mode operation plan. Update Information Technology items in the Emergency Preparedness Plan.
Lead security response team in investigating and developing appropriate responses to complaints and incidents related to information security. Carry out periodic security risk assessments in conjunction with privacy requirements.
Manage the security audit program and coordinate action plans for applicable Company departments when necessary to make improvements.
Document and maintain all risk analyses and remediation actions taken by Company to reduce information security risks.
Document the processes that lead to regulatory compliance.
Document the links between technical solutions and security policies.
Manage retention of performance improvement activity documentation for security functions and compliance responsibilities.
Coordinate security survey regulatory activities and participate in accreditation surveys with external survey bodies.
Maintain current knowledge of federal and state privacy and security laws and regulations and industry best practices (e.g., NIST, ISO).
Serve as a security resource to executive management, employees, business associates, and external bodies such as association members and government agencies.
Bachelor’s Degree in Information Systems, Computer Science, Health Information Management, or other relevant field. Five years’ experience in information security required, with a strong preference for experience with health information. Security certification required: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Healthcare Privacy and Security (CHPS), or similar certification. Work experience with federal and state privacy and security laws, regulations, and accreditation standards for maintaining information security and confidentiality preferred. Knowledge of technical infrastructure security components and integrated, computerized rules-based systems a must.
Equal Opportunity Employer – race, sex, veteran or disability status, gender identity, sexual orientation
The Illinois Health and Hospital Association (IHA), with offices in Chicago, Naperville, Springfield, Brookfield, Wisconsin and Washington D.C., represents more than 200 hospitals and health systems as they care for their patients and communities. Its members range from major academic medical centers and teaching hospitals that train tomorrow’s doctors and nurses, to community hospitals that transform advances in medicine and technology into better lives for patients, to rural and critical access facilities that bring high-quality patient care to the less populated regions of Illinois, to specialty institutions that care for patients in need of behavioral health, long-term care, or rehabilitation services.

Since IHA was formed in 1923 (and combined with MCHC in January 2016 to form an integrated, statewide organization), its mission has been to strengthen and unite hospitals and make high-quality, affordable health care available to all Illinois residents at the right time and in the right setting. To make this possible, IHA advocates for a redesigned health system and sustainable funding, including new models of healthcare delivery and payment, that support the Triple Aim of healthcare.

IHA’s core role is to be the trusted voice, resource and partner for Illinois hospitals, representing their interests at the local, state and national levels to ensure sustainable resources, the highest level of quality care and transformation of healthcare delivery. In addition to its advocacy and policy work on behalf of its members, IHA provides innovative business and performance solutions, services and tools, including patient care and quality improvement initiatives and collaboratives, data analytics, purchasing and insurance services. IHA also provides a comprehensive portfolio of educational programs for members on critical healthcare issues and

The President & CEO and a Board of Trustees of 23-28 members direct IHA advocacy and member priorities. Member forums for safety net hospitals, small and rural hospitals, behavioral health, investor-owned hospitals, and volunteers, as well as councils and task forces, provide members opportunities to participate in the Association’s policy development process.