Associate Vice President of Information Security

McLeod Health

Job Description

Posted on: September 17, 2024

Summary and company overview

NA

Responsibilities

  • Serve as the organization’s Chief Information Security Officer (CISO).
  • Conduct business in compliance with McLeod Health’s Code of Conduct, immediately report violations to the designated authority, and help investigate alleged wrongdoing.
  • Interpret applicable federal and state law and regulations to plan audit parameters, determine compliance with such regulations and communicate necessary changes in compliance with regulatory requirements.
  • Develop and execute a system-wide compliance audit plan, effective tools, and methodologies to ensure data integrity and compliance with federal and state regulations pertaining to healthcare program requirements for information technology security.
  • Ensure McLeod Health is appropriately monitored for IT security compliance.
  • Maintain a focus on high-risk areas to determine if appropriate controls are in place to adequately mitigate risks.
  • Work collaboratively with others across the organization to help resolve areas of identified security risks.
  • Develop an understanding of the operations, systems processes and procedures used in the areas being audited.
  • Conduct security audits, review the results, and devise appropriate recommendations and corrective action plans.
  • Manage the performance of subsequent audits to ensure completeness and oversee the execution of corrective action plans.
  • Work in conjunction with the HIPAA Privacy Administrator on the successful development, execution, and completion of the annual HIPAA Audit Schedule.
  • Evaluate the IT threat landscape and devise cybersecurity policy and controls to reduce risk by conducting auditing and compliance initiatives.
  • Contribute to the development of cyber resiliency to rapidly recover from hacking, security incidents or infringements.
  • Participate in the development and/or enhancement of an information security management framework.
  • Develop and deploy continuous cybersecurity training.
  • Recommend appropriate industry standard policies and procedures and advise on content.
  • Serve as a security liaison to Network Services.
  • Generate periodic reports to the Corporate HIPAA Office on the state of IT security compliance.

Job Requirements

Required Qualifications:

  • Bachelor's degree in a business-related discipline required.

Preferred Qualifications:

  • Minimum of five years of healthcare auditing experience preferred.
  • Be able to demonstrate competence in performing audits, producing reports, formulating remediation or mitigation plans, and conducting follow-up audits.
  • Must have project management experience.
  • Must have proficiency in MS Office applications.
  • Certification in an industry-related discipline preferred.

Additional commentary

Physical Requirements: Refer to Occupational Risk Assessment
