IT Compliance/Cyber Security Administrator
Griffin Hospital · Derby, CT · 1 wk ago
Information TechnologyFull-time
Responsibilities
- Works with legal counsel and management, key departments, and committees to ensure the organization establishes, maintains, and, where appropriate, provides appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization privacy-related practices and requirements.
- Establishes and administers a process for receiving, documenting, tracking, investigating, and acting on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, Initiates, facilitates, and promotes activities to foster information privacy awareness within the organization and related entities.
- Collaborates with the security officer to ensure consistency in development, documentation, and training for security and privacy requirements.
- Serves as the organization’s resource to regulatory and accrediting bodies for matters relating to privacy and security.
- Supports any audits concerning state or federal privacy laws or regulations.
- Develops and presents to management on an annual basis a report on privacy-related issues and compliance for the organization in the past 12 months.
- Develops a security training program. Ensures the security training program supports both the privacy training program and information security program.
- Collaborates with the Privacy Officer to develop and implement security policies, procedures, and guidelines necessary to direct and carry out the objectives of the organization information security program; research and recommend new security measures for implementation; and monitor and test the security practices employed for effectiveness.
- Maintains documentation regarding levels of access granted to each information system user in the organization and reviews these levels of access periodically and when the status of the workforce member changes – controlling access, as appropriate.
- Coordinates with the Privacy officer as outlined in Incident Response Plan.
- Oversees third parties who perform technical system maintenance activities in the organization and works with legal counsel to ensure that such third parties comply with appropriate security practices to comply with organization information security program.
- Develops and presents to management on an annual basis a report on security-related issues and compliance for the organization in the past 12 months.
Qualifications
- Experience working with legal counsel and management, key departments, and committees to establish and maintain privacy and confidentiality practices.
- Knowledge of regulatory and accrediting bodies related to privacy and security.
- Ability to develop and present reports on privacy and security compliance.
- Experience in developing and implementing security policies, procedures, and guidelines.
- Experience in overseeing third-party technical system maintenance activities and ensuring compliance with security practices.