Company Name:
Sutter Health
Location:
Roseville, California, United States
Security by Design Information Security Officer


The Security by Design (SbD) Officer provides oversight of, and performs functions related to, Sutter Health’s SbD program. The SbD Officer serves as the SbD subject matter expert and consults with the Privacy by Design (PbD) Officer, the Chief Information Security Architect, area and affiliate Information Security Officers, and others on SbD-related questions and opportunities. The Officer ensures that SbD initiatives adhere to applicable federal and state regulations, develops and conducts periodic risk assessments, monitors key elements of the SbD program, and partners with the PbD Officer and Area Information Security Officers to ensure that training programs are implemented for members of the workforce and physicians. In addition, the SbD Officer serves as a liaison with key stakeholders to coordinate SbD initiatives throughout the organization and works with those stakeholders to proactively identify and prioritize security innovation, strategy, governance, and compliance needs. The SbD Officer reports directly to the Chief Information Security Architect.


Education / Certification

• Bachelor's degree is required.

• Master's degree or Juris Doctor is desired.

• A security certification from (ISC)² or another recognized national organization, obtained within one year of hire, is required.

• HealthCare Information Security and Privacy Practitioner (HCISPP) certification, obtained within one year of hire, is required.

Experience

• Experience in a healthcare leadership role with an emphasis on implementing an information security program, as typically acquired through a minimum of three years' experience

• Experience conducting regular and efficient training, investigations, risk assessments, and auditing and monitoring activities

Knowledge

• In-depth working knowledge of current HIPAA Security Rule requirements and other applicable state and federal regulations governing Protected Health Information (PHI)

• Well versed in Security by Design principles and frameworks (OWASP, NIST, US-CERT, Secure SDLC) for both on-premises and cloud-based architectures

• Experience with enterprise technology architecture models, including TOGAF and Zachman, as well as the NIST Cybersecurity Framework and NIST SP 800-160 (Systems Security Engineering)

• Knowledge of the foundational elements of an effective PbD program, in order to adapt them to an SbD program

Special Skills/Equipment

• Must be familiar with personal computers and related software applications for presentations, spreadsheets, and word processing

• Demonstrated ability to manage an information security program in an integrated healthcare delivery system

• Proven ability to effect change and function effectively in a dynamic, multi-facility environment

• Ability to analyze problems and issues from a variety of perspectives in order to understand the legal, clinical, and human resource impact of decisions

• Proven ability to bring creative solutions to problems

• Knowledge of and experience in organizational consensus building

• Skill in designing curricula that facilitate adult learning

• Self-motivation and initiative

• Project management skills, including the ability to initiate, plan, execute, and control activities to meet the requirements and timelines of regional and system-wide initiatives or projects, which are frequently driven by new or changing regulations

• Excellent written, verbal, interpersonal, and presentation skills

• Ability to present ideas and concepts effectively to management, physicians, and employees

• Demonstrated ability to influence and change non-compliant behavior without a direct line of authority