Under the direction of the Director IT Security Compliance, this position is responsible for managing the implementation and support of all application related security. This position will lead security meetings and develop implementation timelines and strategies relating to application security. The individual works closely with IT Management, the Compliance Office, the Director IT Security Compliance and the CIO on IT security requirements and issues. Directly contributes to high-level security decisions and works with departmental users and IT personnel to define network and data security requirements in support of business needs. Ensures effective security controls, including policies and procedures are in place and educates affected users on these procedures. Conducts periodic vulnerability scans and risk assessments to ensure compliance with established security controls. This position leads regularly scheduled security meetings and organizes integrated sessions with vendors to discuss and make decisions about integrated security topics. Also is responsible for completing the security build, testing, user account provisioning and deprovisioning record creation. Develops the application security support plan, related documentation and trains all application support staff on applications’ security procedures and related industry best practices. In addition, this position mentors, develops junior staff, and educates others on best practices.
Qualifications:
Education:
- Requires a Bachelor’s degree in Information Technology or related field; or an equivalent combination of training and progressively responsible experience that will result in the required specialized knowledge and abilities to perform the assigned work in lieu of degree. A Master’s Degree is preferred and may substitute for up to two (2) years of required experience; and a Doctorate degree may substitute for all required experience.
Experience:
- Requires five (5) years of progressively responsible computer application security experience that demonstrates a thorough understanding of the required knowledge, skills, and abilities.
Specialized Training:
- None
Certification/Licensure:
- Prefer certifications (i.e. CISSP, CISA, etc.) in computer security.
Knowledge, Skills & Abilities:
- Must have in depth knowledge of data processing within various healthcare related applications (in particular, systems that contain Protected Health Information and patient financial data); HIPAA Privacy and security provisions and other applicable regulations; and role based security and how it’s applied to application security.
- Must have a solid understanding of LDAP and how it relates to user provisioning and deprovisioning. Requires thorough knowledge of information security practices as they relate to information technology. Requires knowledge of departmental policies and procedures; training techniques; project management principles, practices, and procedures; ITIL practices, in particular the application of change control; and software platforms used, operated and/or maintained by Valleywise Health.
- Must have strong familiarity with risk analysis and risk management methodologies; and a solid understanding of application vulnerabilities and countermeasures.
- Must exhibit a high degree of professionalism, customer service, and enthusiasm.
- Requires attention to detail with a drive for simplifying and automating applications security processes is essential.
- Requires excellent communication skills (both oral/written), both with team members and business contacts.
- Must be capable of training users and other support personnel in complex topics.
- Must have solid documentation and presentation skills are required.
- Must be able to work effectively and demonstrate leadership and initiative in a fluid, fast-paced, high volume, deadline-driven environment. Must be able to write intricate system and user documentation.
- Requires the ability to quickly understand new applications and their impact to security.
- Requires professional maturity in dealing with all levels of management and staff.
- Must be able to provide and recommend remediation approach and not just provide vulnerability information.
- Requires the ability to read, write and speak effectively in English.
Salary Range: Hourly rate: $38.42 – $56.67