Director, Information Security

CHNCT

Job Description

Posted on: September 19, 2024

Summary and company overview

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking a Director, Information Security.

Responsibilities

  • Under the direction of the CISO and VP of Information Security, responsible for implementing CHNCT’s information security program, including information risk management, third party risk assurance, and security operations.
  • Manages the Information Security operational staff and assigned contract employees and services.
  • Ensures that security operations enable the organization to remain compliant with HIPAA security regulations, CT security regulations, HITRUST Common Security Framework (CSF), and other applicable security regulations and standards, including NIST CSF, to ensure the confidentiality, integrity, and availability of CHNCT’s data and systems.
  • Administers an incident reporting and tracking process along with action plans for mitigating security incidents.
  • Participates in the development, implementation and monitoring of a strategic, comprehensive enterprise information security and risk management program providing input on system security strategies, policies, procedures, and related infrastructure.
  • Works directly with the business units to facilitate information security and information technology risk assessments and risk management processes, requests for change (RFC), service requests, and approvals.
  • Supervises staff including time and attendance, performance management, salary and merit management, discipline, and work assignments.
  • Responsible for acting independently, in conjunction with the CISO and senior OISR staff, and through management of the team, to perform the following activities:
      • Maintains CHNCT’s Security Risk Management Program and Risk Register.
      • Provides regular and comprehensive written security status reports and risk mitigation recommendations to the CISO.
      • Performs and directs security auditing/monitoring, testing, and reporting.
      • Contributes to the development and implementation of security architecture, standards, procedures, and guidelines for multiple platforms in diverse system environments.
      • Leads or participates in incident response teams as necessary.
      • Oversees the Business Continuity Plan (BCP) including updates, business impact analysis (BIA), and plan testing.
      • Reviews the development, testing and implementation of security plans, products, and control techniques.
      • Consults with CISO, Information Security Architect, Information Security Assurance Program Manager and staff in the design and implementation of new or modified information security processes.
      • Recommends new security tools to management, and reports and provides guidance and expertise in their implementation.
      • Identifies, leads, investigates, and recommends appropriate corrective actions for information security incidents and is knowledgeable in forensic investigations, data recovery and the handling of digital evidence.
      • Conducts third party and application security assessments.
      • Oversees and advises on access control and account administration of critical information resources and key users.
      • Acts as a liaison to IT and product groups and assists them in the implementation of security technologies and applications security.
      • Works in conjunction with technical counterparts to remediate audit and security findings.
      • Oversees operational activities including exceptions to security controls, data loss prevention (DLP) rules management and investigations, email phishing analysis and response, vulnerability management, threat intelligence, and system review board analysis and processing.
      • Participates in developing and managing the department budgets.
      • Performs related duties as assigned or requested.
  • Directs the team to design, implement and maintain information security systems to support the Information Security Management Program (ISMP).
  • Ensures compliance with established policies and procedures and security standards under HIPAA/HITECH, HITRUST, and other applicable frameworks and regulations.
  • Monitors, assesses, and audits, per policy, all aspects of the ISMP, including security systems and infrastructure, endpoints, servers, network infrastructure, and identity and access.

Job Requirements

Required Qualifications:

  • Current CISSP or other equivalent/approved information security certification required.

Preferred Qualifications:

  • 4 years post-secondary schooling or equivalent experience and professional training
  • Bachelor's degree preferred, Master’s desirable
  • Ten plus years of solid progressive work experience, including at least 5 years in management in Information Security as a primary job or an equivalent combination of education and work experience in a Healthcare Information Security environment. Familiar with local and federal laws concerning Information Security and relevant specific security guidelines such as HIPAA/HITECH, HITRUST, and NIST. Knowledge of the healthcare industry and operations.
  • Knowledgeable in the management and setup of security related software and hardware. Excellent analytical ability, strong judgment and problem analysis and a broad knowledge of business function(s), information technologies and Information Security best practices. Knowledgeable in risk assessment and threat modeling. Highly developed communication, negotiation, presentation, and consensus building skills. Knowledge of new and trending technology including Artificial Intelligence, layered security principles, tactics, and techniques. Familiarity with many of the following:
  • Modern WAN/LAN Networking
  • SaaS, Cloud services and delivery models
  • Network monitoring utilities, patch management, VMware, Citrix, Windows Servers and OS
  • Virtualization
  • Operating systems and associated security and access control models
  • Proper dev/test/prod practices
  • Modern coding languages and APIs
  • Security Service Edge (SSE aka SASE)
  • Databases and practices for working with and manipulating data structures
  • Web technologies and frameworks

Additional commentary

  • CHNCT Offers Great Benefits:
  • Medical, dental and vision coverage options
  • Flexible spending and health savings accounts
  • Group term life insurance
  • A 401(k) plan with company-match and immediate vesting
  • Voluntary accidental injury coverage
  • Tuition reimbursement and continuing education opportunities
  • A generous paid-leave bank and company holidays
  • Wellness program
  • CHNCT is an equal opportunity, affirmative action employer m/f/d/v and proud of the diversity of our workforce.
  • Important Note to Applicants: CHNCT as a company feels very strongly that we need to do what we can to help control the spread of COVID-19 infections. Therefore, all employees, contractors, consultants and agency temporary staff are required to be fully vaccinated to work at CHNCT. Reasonable accommodations for medical or religious exemptions will be provided with appropriate documentation for positions that do not have in-person/member visitation requirements.
