Job Description
Benefis Health System
Great Falls, Montana, Evaluates, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defenses and resources. Monitors network to actively remediate unauthorized activities; performs related work. FLSA: EXEMPT DUTIES AND RESPONSIBILITIES: ITS Security formulates the information security plan for the enterprise and implements it using a risk management framework. Interfaces with management, customers, developers, administrators, and network engineers to establish, administer, and secure enterprise data, servers, and the network. Utilizes a variety of tools to ensure confidentiality, integrity, and availability of data. Works to identify threats, protect organizational information, assets, and people, detect malicious and suspicious activities, respond to hostile, intentional and unintentional information security incidents, and aid in making sure recovery efforts address the security issues that cause them. Maintains and supports all design, development, evaluation, and integration and operations of computer systems and networks to maintain information security for projects and the enterprise infrastructure. Responsible for the establishment of information security policy, determination of enterprise information security risks, development of information security architecture, analysis of operational monitoring information, and resolution of information security incidents. Research opportunities to improve information security standards and identifies best practices. Ensures the safety and security of all information systems assets based on significant breadth and depth of expertise.
Designs and implements procedures and controls necessary to protect information system assets and data. Provides guidance and direction both within information security and among users for the physical protection of information system assets, organizational information, and customer data. Performs organizational and system level risk assessments in accordance with the risk management plan. Performs e-discovery and information forensic services. Advanced expertise in information security. Lead projects and oversee daily operations. Technical experts in information security software and systems, information security management, information security principles. They are fully competent to provide leadership and direction to other staff members and possess in-depth knowledge of legislation and regulation for security and data recovery to ensure compliance. Demonstrates the ability to deal with pressure to meet deadlines, to be accurate, and to handle constantly changing situations. Demonstrates the ability to deal with a variety of people, deal with stressful situations, and handle conflict.
Professional Requirements: Adheres to dress code. Completes annual educational requirements. Maintains regulatory requirements. Wears identification while on duty. Maintains confidentiality at all times. Attends department staff meetings as required within the department. Reports to work on time and as scheduled; completes work in designated time. Represents the organization in a positive and professional manner. Actively participates in performance improvement and continuous quality improvement (CQI) activities. Coordinates efforts in meeting regulatory compliance, federal, state and local regulations and standards Communicates and complies with the Benefis Health System Mission, Vision and Values as well as the focus statement of the department.
Complies with Benefis Health System Organization Policies and Procedures. Complies with Health and Safety Standards and Guidelines. Education/Experience Requirements: BA/BS degree in a technology field or suitable work experience in a security role. At least five years of enterprise information technology experience. At least three years of information security experience. Relevant certification (such as the International Information Systems Security Certification Consortium, which offers the Certified Information Systems Security Professional (CISSP/HCISPP) qualification) preferred or willing to achieve certification within the first year. Considerable knowledge of computer networking concepts and protocols, and network security methodologies; internal tactics to anticipate and mitigate cyber security threat capabilities and actions; risk management processes (e. g. , methods for assessing, documenting, and mitigating risk). Good knowledge of cyber intelligence/information collection capabilities and conducting cyber incident investigations; assessing cyber security regulatory compliance and policy & procedure writing.
Source ⇲