Information Security Officer in Indianapolis, IN at Eskenazi Health

Date Posted: 8/2/2020

Job Snapshot

Job Description

Organization: HHC

Division:Eskenazi Health  

Sub-Division: Hospital  

Req ID:  4926 

Schedule: Full Time 

Shift: Days 

Eskenazi Health serves as the public hospital division of the Health & Hospital Corporation of Marion County. Physicians provide a comprehensive range of primary and specialty care services at the 327-bed hospital and outpatient facilities both on and off of the Eskenazi Health downtown campus as well as at 10 Eskenazi Health Center sites located throughout Indianapolis.

FLSA Status


Job Role Summary

The Information Security Officer is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This position works with Eskenazi Health's leaders to prioritize security needs and related costs according to financial constraints and directives. The Information Security Officer is responsible for enhancing and improving physical security and cyber security by identifying Eskenazi Health's protection goals and objectives, and ensuring alignment with the organization's strategic plans.

Essential Functions and Responsibilities

  • Builds a strategic and comprehensive information security program that defines, develops, maintains and implements processes that enable consistent, effective information security practices
  • Develops and implements global policies, procedures, and plans related to: security of computer systems, networks and telecommunications; health information security and privacy compliance; business continuity, risk management, loss and fraud prevention; and emergency and incident response
  • Works closely with the Privacy Officer to ensure alignment between security and privacy compliance programs; acts as a liaison to the Information Systems and Compliance departments; assists with breach determination and notification processes under HIPAA and applicable state breach rules and requirements
  • Responsible for initial and ongoing information security risk assessment and analysis, mitigation and remediation; conducts audits to find holes in security platform
  • Establishes and administers a process for investigating and acting on security incidents which may result in a privacy breach
  • Identifies and prioritizes security initiatives and standards; addresses privacy, confidentiality and standards administration
  • Investigates security breaches; develops and directs technical teams in the investigation and resolution of a variety of complex health information privacy and security issues using a systematic approach
  • Establishes and maintains technical computer and network security systems and protocols
  • Establishes and maintains administrative computer and network security systems and protocols
  • Monitors and reviews logs of computer systems and network activities for possible unauthorized intrusion
  • Oversees, develops and delivers security training to hospital personnel at all levels relative to the privacy and security of health information
  • Researches and recommends appropriate hardware and software to implement and maintain health information privacy and security
  • Initiates, facilitates, and promotes activities to foster information security awareness within the organization
  • Evaluates security trends, evolving threats, risks and vulnerabilities; implements tools to mitigate risk as necessary
  • Collaborates with senior management, Privacy Officer, and Corporate Compliance officer to establish governance for the security program
  • Manages security incidents and events involving electronic protected health information (ePHI)
  • Ensures organization has audit controls in place to monitor activity on electronic systems that contain or use electronic protected health information (ePHI)
  • Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate; includes but is not limited to logons and logoffs, file accesses, updates, edits and printing
  • Participates in the development, implementation, and ongoing compliance monitoring of all BA's and business associate agreements, to ensure security concerns, requirements, and responsibilities are addressed
  • Serves as information security consultant to all departments for all data security related issues

Job Requirements

  • Bachelor's degree in Information Systems or a related healthcare field required
  • Certified in Healthcare Privacy and Security (CHPS) certification and/or other healthcare industry related security credentials required
  • Certified Information Systems Security Specialist (CISSP) certification is preferred
  • Appropriate certification in risk management and/or health care compliance preferred
  • Five years progressive experience in health information security management, health information management, information systems and/or health risk management is required

Accredited by The Joint Commission and named one of the nation’s 150 best places to work by Becker’s Hospital Review for four consecutive years and Forbes list of best places to work for women, and Forbes list of America’s best midsize employers’ Eskenazi Health’s programs have received national recognition while also offering new health care opportunities to the local community. As the sponsoring hospital for Indianapolis Emergency Medical Services, the city’s primary EMS provider, Eskenazi Health is also home to the first adult Level I trauma center in Indiana, the only verified adult burn center in Indiana, the first community mental health center in Indiana and the Eskenazi Health Center Primary Care – Center of Excellence in Women’s Health, just to name a few.