IT Compliance and Security Director
Position Code: 340
Department: Systems Operations Programming
Location: Little Rock, Arkansas
Immediate Supervisor: Tim Beasley
Posted: January 23 2018
Essential Functions of Job:• Work with all members of the IT team to maintain and update all IT controls, standard procedures, policies and enforcement of processes to enable compliance with regulatory requirements • Perform periodic information risk assessments and audits to ensure that information systems are adequately protected to meet all appropriate requirements (HITECH, HIPAA, and associated IT controls) • Analyze internal controls program test results and work with IT Management to prepare management responses to all findings • Serve as IT Compliance Coordinator and ensure a positive compliance culture is maintained within IT • Review all IT internal procedures to ensure compliance under HITECH and HIPAA policies (existing IT controls) and report findings to IT Management • Define, implement, and maintain information security policies, standards and procedures • Design, develop, or recommend integrated security system solutions that will ensure appropriate protection of sensitive data • Support all audit efforts related to information security and or compliance through close collaboration with both internal stakeholders as well as external auditors • Perform Technology Risk Assessments on concepts, solutions, products, services or processes • Work with business unit owners and technology partners to ensure controls are in place and being executed • Develop / Enhance / Support information risk and security programs related to system and data protection efforts across the company • Lead and manage information security awareness and training initiatives • Stay abreast of changing pertinent regulation and perform analysis of regulations that impact our organization and update our internal controls as those applicable regulations change • Assist in tracking and maintenance of action plans for the resolution of issues identified during assessment and audits. Perform analysis and reporting of compliance gaps • Ability to report to the office
Qualifications:• Bachelor’s degree in Information Systems, Management Information Systems, or Business Administration OR an additional 4 years of relevant experience. Significant and relevant technical experience meeting the job description may be substituted for degree requirements • Effective organizational and prioritization skills • Must possess excellent technical writing and communication skills in order to properly communicate procedures, policies, and compliance status • Ability to work in a fast paced multi-tasking environment • Advanced knowledge of Microsoft Office software applications (Word, Excel, Outlook, Access) • Ability to closely track progress against a plan and strict adherence to deadlines • Embraces constructive feedback and continually seeks to improve performance • Understanding of IT technologies and processes, such as protocols, infrastructure, middleware, networking, software and hardware preferred • Familiarization around Data Loss Prevention (DLP) tools a plus • Minimum of 3 years’ experience working in Information Technology disciplines 1 of which must be working with HIPAA related controls preferred • A solid technical background working in a Windows-based environment (i.e., AD, LDAP, etc.) desired • A basic understanding of rules and regulations pertaining to IT regulatory compliance requirements and standards such as HIPAA, HITECH and CoBIT considered a plus • Understanding of IT technologies and processes, such as protocols, infrastructure, middleware, networking, software and hardware desired
The Company considers applicants without regard to race, color, national origin, sex, religion, mental or physical disability, marital status, age 40 years and over, sexual orientation or gender identity, veteran's status, or other characteristic protected by applicable law.
Applications for this vacancy will be received for 3 working days after the Posted date from Employees of HealthSCOPE Benefits with more than one year of service.
Applications for this vacancy will be received for 10 working days after the Posted date from External Applicants.