ToledoRecruiter Since 2001
the smart solution for Toledo jobs

Chief Information Security Officer

Location: Toledo
Posted on: January 26, 2023

Job Description:

The Chief Information Security Officer is responsible for the organization's Security Program, including but not limited to daily operations of the IT security program; oversight of the annual and ongoing risk assessment process; development, implementation, and maintenance of policies and procedures; ensuring the confidentiality, integrity and access of electronic protected health information; monitoring program compliance; and investigation and tracking of incidents and breaches, in compliance with federal and state laws. This position works closely with the CTO and business line CIOs to ensure that application and technical infrastructure is architected, implemented and operated in a manner that supports operational requirements, including system stability and resiliency, along with all relevant external security and compliance requirements.

ACCOUNTABILITIES

1. Build a strong working relationship with Information Systems and senior leadership that is based on matrix leadership.
2. Build a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization.
3. Ensure information security policies, standards, and procedures are up-to-date.
4. Initiate, facilitate, and promote activities to foster information security awareness within the organization and related entities.
5. Create a culture of cyber security, both within the IT organization and by driving behavioral changes for the business.
6. Evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to mitigate risk as necessary.
7. Manage security incidents and events involving electronic protected health information (ePHI).
8. Ensure that the disaster recovery, business continuity, risk management and access control needs of the facility are addressed.
9. Ensure the institution/organization complies with the administrative, technical and physical safeguards.
10. Represent information systems responsibilities related to the Enterprise Risk Management program, including annual risk prioritization, documentation of mitigation plans and quarterly progress updates.
11. Collaborate with the organization's senior management, Privacy Officer, and Corporate Compliance Officer to ensure relevant security and privacy requirements are identified and appropriately addressed.
12. Serve in a leadership role for security compliance.
13. Work closely with the Privacy Officer to ensure alignment between security and privacy compliance programs, including policies, practices and investigations, and act as a liaison to the information systems and compliance departments. Represent information systems on the Corporate Data Governance committee.
14. Be responsible for initial and periodic information security risk assessment/analysis, mitigation and remediation, as well as the development and implementation of the security risk management plan.
15. Ensure the organization has audit controls to monitor activity on electronic systems that contain or use electronic protected health information. Serve as the primary contact for Internal and External audit activities.
16. Oversee periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits and printing.
17. Ensure the organization has and maintains an appropriate system use and disclosure / confidentiality statement.
18. Oversee, develop and/or deliver initial and ongoing security training to the workforce.
19. Participate in the development, implementation, and ongoing compliance monitoring of all BAs and business associate agreements to ensure security concerns, requirements, and responsibilities are addressed.
20. Assist the Privacy Officer as needed with breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
21. Establish and administer a process for investigating and acting on security incidents which may result in a privacy breach.
22. Partner with Human Resources and the Privacy Officer to ensure consistent sanctions for security violations.
23. Partner with Legal for electronic litigation related holds and production notices. Define appropriate data retention rules and coordinate the implementation across all applications and infrastructure.
24. Maintain current knowledge of applicable federal and state security laws, licensing and certification requirements and accreditation standards.
25. Cooperate with the U.S. Department of Health and Human Services' Office for Civil Rights, State regulators and/or other legal entities, and organization officers in any compliance reviews or investigations.
26. Serve as information security consultant to all departments for all data security related issues.

Education: Bachelor's Degree in Related Field
Years of Experience: 10 to 15 years of Business and Leadership experience

PREFERRED QUALIFICATIONS

Education: Master's Degree
Years of Experience: 15+ years Business and Leadership experience

ADDITIONAL EXPERIENCE

1. A minimum of 15 years' total business experience with a blended background in IT security, business and possibly technical services and networks.
2. A minimum of 10 years' experience in a leadership role with an emphasis on the implementation of a privacy and information security program is required.
3. Knowledge and experience in state and federal information security laws, with a preference for some experience with HIPAA, NIST, PCI and other applicable regulations.
4. A preference for being Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry related security credentials.
5. Experience in a healthcare leadership role with an emphasis on the implementation of a privacy and information security program in a patient care environment, as typically acquired with a minimum of 10 years' experience, is preferred.
6. Well-developed interpersonal and communication skills, with the ability to effectively communicate at all levels of the organization and communicate to the board of directors in a clear manner about how information security impacts the business.
7. Personal qualities should include: exceptional hands-on leadership skills, the ability to work well as a team, strong communication skills and high emotional intelligence to build relationships and influence change.
8. Demonstrated experience in change management, ideally with some experience working in a matrix organization.

ProMedica is a mission-based, not-for-profit integrated healthcare organization headquartered in Toledo, Ohio. For more information, please visit

Qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, religion, sex/gender (including pregnancy), sexual orientation, gender identity or gender expression, age, physical or mental disability, military or protected veteran status, citizenship, familial or marital status, genetics, or any other legally protected category. In compliance with the Americans with Disabilities Act Amendment Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a job with ProMedica, please contact

Keywords: Toledo, Chief Information Security Officer, Other, Toledo, Ohio
