Information Security Specialist

The Information Security Specialist is responsible for driving information security initiatives. The individual will perform internal and external security compliance monitoring activities, manage client compliance audits, IT control audits, security gap analyses and security risk assessments/analyses. This role will assist in the management of key compliance areas such as HIPAA and the implementation of administrative, physical, and technical safeguards, PCI DSS, policy, process, and procedure governance, and the implementation of industry standards.                     

ESSENTIAL JOB FUNCTIONS

1. Maintain security and compliance initiatives to ensure that corporate policies, standards, procedures, and audit activities are in alignment with business, IT, legal, and regulatory requirements.
2. Develop and maintain a comprehensive set of policies, standards, processes, and procedures to ensure compliance with industry standards (,e.g., the NIST Cybersecurity Framework, the HIPAA Security Rule, and applicable laws.
3. Maintain a written information security program (WISP) that ensures security policies, standards and process are being adhered to by the business.
4. Monitor electronic systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and evolving and emerging cybersecurity attack vectors.
5. Respond to electronic system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact with third-party incident responders, including law enforcement, and legal counsel.
6. Partner with IT leadership to administer authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets according to industry standards.
7. Lead the development, implementation and management of MTN’s WISP, ensuring compliance and auditing for improvements on an ongoing basis.
8. Ensure compliance with healthcare information security best practices and HIPAA.
9. Ensure compliance with, and management of, the MTN cybersecurity incident response plan and provide guidance for improvements on an ongoing basis in conjunction with the HIPAA Compliance Officer.
10. Monitor security trends and drive information security best practices throughout the organization.
11. Evaluate, design, test, and recommend new or improved controls to keep MTN current with industry standards and compliance requirements.
12. Work with third party firms and consultants to conduct independent security audits, vulnerability scans, and penetration tests including social engineering.
13. Work together with the business to provide an interface for client information security audits
14. Collaborate with IT, legal, and other teams by providing cybersecurity input and guidance in relation to MTN’s mission.
15. Conduct regular risk analyses, advise Senior Director, Information Technology Services and Senior management on appropriate recommendations and implement recommendations in an efficient and timely manner documenting remedial actions as directed. 
16. Be informed about changes to the HIPAA Security Rule and other applicable laws and their impact on MTN’s compliance obligations and business operations. 
17. Work with the Manager, Corporate Education & Development and HIPAA Compliance Officer to develop and administer, or provide advice, evaluation, and oversight for, ePHI information security training and awareness programs.

QUALIFICATIONS AND PHYSICAL DEMANDS

1. Undergraduate degree in information systems or a related field or similar experience leading cybersecurity/information security initiatives.
2. Five or more years experience managing security in a healthcare environment where HIPAA/HITECH regulations and guidelines for securing ePHI data required
3. Experience advising and mentoring diverse teams without direct authority of team members
4. Professional certification in the information security space preferred (e.g. CISM, CISSP, CISA, GIAC) or other security certification at a similar level.
5. Experience in cybersecurity or information security systems, (Cisco Firepower, Firewalls, SIEM, EDR and NDR)
6. Experience with the Security Risk Assessment Tool developed by the Department of Health and Human Services’ Office for Civil Rights.
7. Detail oriented, organized, excellent tracking/reporting skills, effective written and verbal communication.
8. Demonstrated understanding of business process analysis and how to use information technology to cost-effectively optimize business and clinical work processes.
9. Must maintain a valid driver’s license in accordance with MTN motor vehicle policy.  Must have reliable personal automobile transportation to be used with company reimbursement using IRS guidelines.  Must be able to travel within the service area by ground or air.
10. Ability to lift 50 pounds and transfer short distances.
11. Possess ability to operate telephones, computers and office equipment.
12. Ability to speak and communicate clearly in order to accurately convey information in person or by phone.
13. OSHA Category III – No exposure to bloodborne pathogens while performing assigned job duties.
14. Home internet and wireless phone access may be required.

MTN BEHAVIORAL COMPETENCIES

Belonging: Intentionally connects with colleagues by embracing differences and finding commonalities to create a workplace where all employees feel safe and genuine at work. Models the philosophy that lived experiences make individuals unique by respecting and seeking to understand beliefs, values and opinions that are new or different from their own. Represents through actions and influence, the idea that diverse perspectives make MTN stronger as we serve our mission.

Respect: Builds a positive and supportive foundation inviting open, honest, and clear communication. Fosters a sensitive, supportive, and trustworthy environment, which promotes active listening and strengthens rapport throughout all interactions. Cultivates teamwork through acceptance and inclusion by valuing differences and empowering strengths.

Excellence: Demonstrates excellence by going above and beyond, while maintaining compassion and humility in all interactions. Demonstrates a high rate of achievement and success for the organization through proactive objectives centered on the overall mission and vision. Consistently models a positive attitude, a willingness to help others, and a dedication to improvement. Takes full responsibility for their role and challenges themselves to find workable solutions.

Accountability: Demonstrates the highest ethical standards, by honoring commitments to each other and professional partners. Executes all interactions through honesty and transparency. Demonstrates responsibility and integrity through ownership of the mission. Utilizes resources appropriately.

Leadership: Empowers, mentors and encourages all staff, while displaying a high-level of professionalism. Demonstrates ability to cultivate teams and relationships through open lines of communication, honesty and respect. Handles challenges with compassion by developing trust through respectful feedback and support. Acts as a resource by providing the tools, which enable others to reach their highest potential.

It is the policy of Midwest Transplant Network (MTN) to provide equal opportunity in employment to all employees and applicants for employment.  No person will be discriminated against in employment because of race, color, religion, sex (including pregnancy), sexual orientation, gender identity, gender expression, ethnic origin, age, genetic information, disability, protected veteran status, arrest record, or any characteristic protected by applicable federal, state or local laws.  In addition, the organization complies with applicable state and local laws governing non-discrimination in employment in every location in which the organization has facilities.  This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training, employee activities and general treatment during employment

MTN is committed to complying with state and federal disability laws and makes reasonable accommodations when requested by a qualified applicant or employee with a disability to enable the applicant or employee to be  considered for the position he or she desires, to perform the essential functions of the position in question, or to enjoy equal benefits and privileges of employment as are enjoyed by other similarly situated employees without disabilities, unless the accommodation would impose an undue hardship on the operation of MTN’s mission.