Vidant Health offers comprehensive Information Technology (IT) services and infrastructure to support and enable all aspects of organizational operations. Our IT division consists of a state-of-the-art data center located in Greenville, NC. The data center services all information technology needs of Vidant Health facilities. All Vidant Health owned or leased hospitals are on a common IT platform, including our electronic health record (EHR) that uses Epic's suite of applications. Vidant Health has achieved Meaningful Use Stage 2 recognition and is also approaching Stage 7 for HIMSS Analytics’ Electronic Medical Records Adoption Model (EMRAM) recognition.
The Manager of Information Security Architecture and Engineering manages the development, execution and operations of Vidant Health's Information Security Architecture and Engineering processes across the health system. This position assists in the development, implementation and maintenance of the information security architecture and engineering program. The manager will be responsible for an information security architecture framework and standards that govern security practices system-wide, enabling risk-based control decisions to protect the confidentiality, integrity and availability of electronic personal health information (PHI). The manager will be responsible for key activities, including oversight of information security engineering, and will drive implementation of the target security architecture. This position is graded at a manager level, but the candidate is expected to be a very hands-on, active member of the team, helping to drive objectives forward as much as, or more than, their team members.
Manage information security architecture gap and capability assessments, refresh cycle, approval process.
Define and manage the information security controls and countermeasures. Align third-party security program needs with the information security risk management process.
Work with peers in Vidant Health Office of Audit and Compliance and Information Systems to leverage existing compliance processes to realize efficiencies where possible.
Work with the Manager of Security Operations and Compliance to develop a library of authoritative requirements for information security, ranging from regulatory requirements to health care provider industry practices, e.g. HIPAA Security rules, HITSP, CCHIT, ISO 27001 and 2, etc. Regularly refresh Information Security policy, compliance, and risk management capabilities based on authoritative requirements.
Participates and consults with business operating units to identify the IS implications of their strategic and operating plans. Identify and recommend opportunities to leverage existing systems and/or new and emerging technologies where appropriate.
Contributes to the development of a multiyear roadmap for the overall Information Security Program. Specific areas of responsibility include security architecture, incident management, forensics and event monitoring.
Applies rigorous testing and quality assurance techniques to all system changes and strictly adheres to Change Control processes.
Conducts and/or coordinates post-implementation audits to ensure that application systems and technologies are fully and appropriately utilized. In collaboration with business partners, designs and implements system enhancements to meet dynamically changing business requirements and take advantage of ongoing vendor-supplied system enhancements.
Participates in the annual external financial audit of security and controls and annual IS risk assessment across the health system. Participates in internal audits, as appropriate, as identified in the annual audit plan. Develops and implements action plans to address any gaps identified during the audit process.
Bachelor's degree in healthcare, computer technology, information management or related field required. Master's degree desirable.
2 years' experience working within the Healthcare Industry
2 years' experience with regulatory controls such as HITECH Act and HIPAA Laws
Certifications such as:
Certified Information System Security Professional (CISSP)
Certified Information System Auditor (CISA)
Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Security Manager (CISM)
HealthCare Information Security and Privacy Practitioner (HCISPP)
Three to five years of experience in IS audit and compliance, with a strong operational background and proven track record of accomplishments in Information Services within a large, complex, multi-location organization.
Demonstrated track record implementing and successfully leading, often through work products, an IS compliance program is strongly preferred.
Seasoned professional with health care experience who has a deep understanding of health care operations as well as the current business issues and trends influencing health care providers is desired.
Additional Salary Information: Commensurate with experience
Vidant Health, located in eastern North Carolina, is a comprehensive health system that is made up of 8 hospitals that serve 1.4 million people in 29 counties. Vidant Health includes Vidant Medical Center, community hospitals, physician practices and partners that collaborate with Vidant Health to enhance the quality of life of our patients.
Vidant provides paid time off and a comprehensive benefits package including but not limited to medical, dental, life and disability insurance and a 401(k) retirement plan. Benefits begin the first day of employment.
We are located in Greenville, NC, in the heart of North Carolina’s coastal plain, just a short drive from the famous Outer Banks beaches, the Blue Ridge Mountains and the attractions in the Triangle area (Raleigh, Durham and Chapel Hill). Greenville is home to East Carolina University, an integral part of North Carolina’s excellent university system. Greenville offers the best of urban amenities and a friendly environment.