** Information Security Officer**
? AddThis Sharing Buttons
**Category**
Information Technology
**Job Location**
Remote, WI
**Requisition Number**
1708500
**Position Type**
Full-Time/Regular
**Remote**
The Technology Security Officer is responsible for the Rogers Behavioral Healths Security Program including but not limited to daily operations of the Information Technology (IT) security program, oversight of the annual and ongoing risk assessment process, development, implementation, and maintenance of policies and procedures, ensuring the confidentiality, integrity, and access of electronic protected health information and of monitoring program compliance as well as investigation and tracking of incidents and breaches and in compliance with federal and state laws.
**Job Description:**
* Builds a strategic and comprehensive information security program that defines, develops, maintains, and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality, and availability of information that is owned, controlled, and processed within the organization. Ensures information security policies, standards, and procedures are current.
* Initiates facilitate and promote in collaboration with the V.P. of Clinical Technology Services, activities to foster information security awareness within the organization.
* Creates a culture of cyber security both with the IT organization and driving behavioral changes for the business.
* Evaluate security trends, evolving threats, risks, and vulnerabilities and applies tools to mitigate risk as necessary.
* Manages security incidents and events involving electronically protected health information (ePHI).
* Overseeing the periodic evaluation of Rogers security procedures and implementing administrative, physical, and technical safeguards to determine whether Rogers is making reasonable efforts to comply with the HIPAA Security Rule
* Responsibility for addressing issues related to access controls, business continuity, disaster recovery, and incident response.
* Participates in the development, implementation, and ongoing compliance monitoring of all BA’s and business associate agreements, to ensure -security concerns, requirements, and responsibilities are addressed.
* Collaborates with Rogers senior management, Privacy Officer, General Counsel and top Compliance leader to establish governance for the security program.
* Serves in a leadership role for security compliance.
* Works closely with the Privacy Officer to ensure alignment between security and privacy compliance programs including policies, practices, and investigations, and acts as a liaison to the information systems and compliance departments.
* Is responsible for initial and periodic information security risk assessment/analysis, mitigation and remediation. Responsible for development and implementation of security risk management plan.
* Ensure organization has audit controls to monitor activity on electronic systems that contain or use electronic protected health information.
* Oversee periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits and printing.
* Ensure the organization has and maintains appropriate system use and disclosure / confidentiality statement.
* Oversees, develops and/or delivers initial and ongoing security training to the workforce. Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities
* Participates in the development, implementation, and ongoing compliance monitoring of all BA’s and business associate agreements, to ensure -security concerns, requirements, and responsibilities are addressed.
* Assists Privacy Officer as needed with breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
* Establishes and administers a process for investigating and acting on security incidents that may result in privacy breach breaches.
* Partners with Human Resources and Privacy Officer to ensure consistent actions for security violations
* Maintains current knowledge of applicable federal and state security laws, licensing and certification requirements, and accreditation standards
* Cooperates with the U.S. Department of Health and Human Service’s Office for Civil Rights, State regulators and/or other legal entities, and organization on officers in any compliance reviews or investigations
* Serves as an information security consultant to all departments for all data security-related issues
**Required Experience:**
* Bachelors degree in information systems or a related technology healthcare field is required, with advanced work in Security or technology Healthcare preferred
* 5+ years of experience with the legal requirements relating to privacy and health care operations, as well as the ability to communicate effectively with and coordinate the efforts of technology and non-technology personnel. Information security will cover legal issues, hardware, and software security, as well as physical security
* Knowledge of HIPAA, state, and federal guidelines on security, transactions, and security
* Recommended Security certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry-related security credentials
* Position *may* require COVID vaccination or medical/religious exemption based on future CMS mandate
**Benefits:**
* Comprehensive benefits package (medical, dental, vision, etc.) for positions of 30 hours or more per week.
* Childcare reimbursement offered for positions of 20 hours or more per week.
* Gainshare bonus based on company goals.
* 401k with matching contribution that is fully vested from day 1.
* Loan relief, tuition reimbursement and scholarship opportunities.
**ABOUT ROGERS BEHAVIORAL HEALTH**
Rogers Behavioral Health is a nationally recognized, not-for-profit provider of highly specialized psychiatric care. Rogers offers evidence-based treatment for children, teens, and adults with OCD and anxiety, addiction, depression and other mood disorders, eating disorders, trauma, and PTSD. Backed by more than a century of experience, Rogers is leading the way on measurement-based care and use of clinical outcomes. Rogers provides residential care and has three inpatient facilities located in southeastern Wisconsin. Rogers also offers outpatient services in a growing network of communities across the U.S.
*The System also includes* *, which supports patient care, programs, and research; and* *, an initiative that works to eliminate the stigma of mental health challenges. For more information, visit* *.*
EOE/MFDV
