Company Name:
Sutter Health
Location:
Roseville, California
Country:
United States
Industry:
Legal

Senior Information Security Architect

Description:

The Senior Information Security Architect (Architect) reports directly to the Chief Information Security Architect (CISA). The Architect is responsible for implementing solutions and activities related to the development, implementation, and improvement of the Sutter Health information assurance program in support of the CISA's efforts to maintain compliance with applicable federal and state laws and regulations and outlined Sutter Health information security policies. The Architect is responsible for assuring that information assets are adequately protected using available solutions and information security best practices. Additionally, the Architect is responsible for driving the design and development efforts related to information security architecture and to data confidentiality, integrity, and availability, as they align with the enterprise roadmap. The Architect may interact with functional leaders to support broad technical initiatives. The Architect will work on highly complex projects that require in-depth domain knowledge of two or more specialized architecture areas, and must have a solid understanding of information security tools and best practices as well as the regulatory and compliance requirements that impact the security of the organization, including HIPAA, HITECH, and PCI.

Qualification:

Education / Certification:

- Bachelor's Degree in Healthcare Administration, Information Technology-Security or related field is required.
- Certified in Information Security (CISSP, SSCP, GSEC, or HCISPP) is required.
- Technical Certifications (GCIH, GPEN, GCED, MCSE: Security, CCSP, CEH) is required.

Experience:

- Significant experience working in healthcare regulatory compliance and security compliance program management, with the proven ability of conducting investigations and providing leaders with recommendations, as typically acquired during 5 to 7 years in a similar position
- Extensive experience utilizing security tools such as vulnerability scanners and log management tools
- Previous experience in a healthcare information security role
- Demonstrated professional ability to implement solutions and activities related to the development, implementation, and improvement of an information assurance program in support of the CISA's efforts to maintain compliance with applicable federal and state laws and regulations and outlined company information security policies
- Significant experience assuring that information assets are adequately protected using available solutions and information security best practices
- Extensive experience developing systems, templates, tools, and processes to identify and monitor indicators to measure compliance with security requirements
- Proven experience developing, implementing, and maintaining policies and procedures consistent with applicable federal and state information security laws

Knowledge and Skills:

- Extensive knowledge regarding compliance with security regulations, Office for Civil Rights, Federal Sentencing Guidelines, and healthcare laws and regulations
- In-depth working knowledge of and experience implementing and operating an information security program based on HIPAA Security Regulations and other pertinent and applicable state and federal laws and regulations related to the protection of health information
- Working knowledge of electronic systems and emerging technologies that impact information security
- Working knowledge of management of an effective ethics and compliance program, including training, monitoring, conducting and documenting investigations, addressing violations, and monitoring corrective actions
- Demonstrated ongoing competency in compliance and risk management
- General knowledge of other disciplines outside own area of expertise, including business planning, clinical disciplines, human resources, finance, clinical and financial auditing, and information technology
- Strong understanding of information technology approaches, applications, tools, methodologies, and technology platforms
- Thorough knowledge of architecture and interrelationships (technical and functional)
- In-depth knowledge of information security standards with an emphasis on National Institute of Standards and Technology (NIST) cyber security standards, guidance, and special publications, and their application in the technical operational environment
- Extensive knowledge of applicable federal and state security laws and regulations, and a working knowledge of electronic systems and new technologies that may impact information security compliance
- Demonstrated ability to function effectively in a dynamic and challenging environment and to affect change
- Proven ability to analyze problems and issues and to understand the legal and operational impact of decisions from a variety of perspectives
- Demonstrated ability to initiate, plan, execute, and control activities to meet requirements and timelines of system-wide initiatives or projects that are frequently driven by new or changing regulations
- Excellent and dynamic verbal, written, and presentation skills, including the ability to translate complex legal and regulatory requirements and issues into terms readily understood by management, line, and clinical personnel
- Demonstrated ability to organize, prioritize, plan, and work effectively with managers to achieve compliance with objectives
- Demonstrated ability to maintain confidentiality and exercise good judgment as it relates to the handling of sensitive material
- Advanced level of competency using word processing, spreadsheet, presentation, and office communications applications, preferably the Microsoft Suite
- Proven ability to translate and provide sound advice to senior management regarding the impact of emerging industry trends in compliance enforcement, legislation, and regulations on Sutter Health's business strategies and its not-for-profit mission
- Demonstrated ability to understand and lead by communicating vision, exhibiting decisiveness, sponsoring change, and supporting the larger organization's success
- Seasoned investigative skills, including the ability to skillfully obtain accurate, complete, and detailed information necessary to make accurate and well-founded determinations about compliance failure
- Demonstrated ability to plan, organize, implement, and evaluate compliance and risk management programs in a healthcare setting
- Conceptual, analytical, and problem-solving skills in a complex environment
- Tact, diplomacy, and ability to work with individuals in all levels of the organization
- Demonstrated ability to lead diverse ad-hoc teams and facilitate through conflict resolution to create successful team results
- Experience with Enterprise Technology Architecture models, including TOGAF, Zachman, and NIST Cyber Security Framework, and NIST 800-160 (System Security Engineering)