Director of IT Security (HHSC 04-24)

DATE POSTED:  June 19, 2024

POSITION TITLE: Director of IT Security

RECRUITMENT NO:  HHSC 04-24

POSITION STATUS: Exempt/Full-Time with Benefits

LOCATION:  Hawaii Health Systems Corporation (HHSC), Corporate, Honolulu, HI

SALARY RANGE: $144,785 – $173,742 per year

JOB DUTIES:

The Director of IT Security’s primary function is the design, oversight and ongoing management of the information security program, including policies, procedures, technical systems, and workforce training in order to maintain the confidentiality, integrity, and availability of data within the organization’s information systems framework. The Director of IT Security’s role addresses electronic system architecture and functionality as it affects safeguards of Protected Health Information (PHI) and business information assets. The Corporate Office is located in Leahi Hospital, Honolulu, Hawaii.

The Director of IT Security acts as a focus and resource for the organization’s information security matters. Works with those in corresponding roles at the hospitals. Takes direction from the VP & Chief Information Officer to achieve the goals of the organization. Investigates and recommends secure solutions that implement information security policy and standards. Coordinates Office of Information Security activities and works with staff as required. Oversees, implements, and monitors the security requirements levied by Federal and State Rules and Regulations.

MAJOR DUTIES & RESPONSIBILITIES:

A.  IT Security and Audit      50%

  1. Designs and performs information systems audits; critical responsibilities for this duty include but are not limited to:
    1. For each HHSC information system that contains confidential information, such as Protected Health Information (PHI) or Personally Identifiable Information (PII), design, build, test and utilize audit reports that highlight information security breaches.
    2. Develop policies, procedures and standard reports for identifying and/or verifying potential breach of information security, confidentiality and privacy.
    3. Establish a proactive audit process that reviews IT Security policy compliance of HHSC employees once per year.
    4. Create new information system audits as part of all system implementations managing patient information.
    5. Modify existing information system audits as part of all system upgrades managing patient information.
    6. Develop, maintain and utilize system for tracking all audit results (proactive and reactive).
    7. Work with Human Resources, Compliance, and Legal to address any confirmed breach situations.
  2. Designs and performs Internet access and usage audits; critical responsibilities for this duty include but are not limited to:
    1. Participate in the selection of an Internet monitoring solution.
    2. Design, build, test and utilize Internet access and monitoring reports that highlight employee abuse of the privilege.
    3. Develop policies, procedures and standard reports for identifying and/or verifying abuse of Internet privilege.
    4. Establish a proactive audit process that reviews each HHSC employee once per year (as available via Active Directory log-ins).
    5. Identify and block inappropriate Web Sites.
    6. Work with Human Resources to address any confirmed abuse situations.
  3. Provides application support and security administration activities for assigned software applications as they are assigned by IT Leadership as defined in the IT Staffing Application and Project matrix; critical responsibilities for this duty include but are not limited to:
    1. Responsible for ensuring System/Data owners maintain security management controls for application dictionaries and user profiles which impact system and user security.
    2. Review and audit the process to maintain system security for administering user codes and passwords.
    3. Review and audit the process to maintain system security for granting and removing access to IT department key punch doors or electronic swipe auto locks.
    4. Develop a collaborative information-sharing process with Human Resources to ensure that IT receives timely and accurate terminations, transfers and new hire information.
  4. Champions continuous readiness of security regulations; critical responsibilities for this duty include but are not limited to:
    1. Chair the Information Security Workgroup.
    2. Facilitate work group meetings, status meetings and any other brainstorming type of meetings related to information security.
    3. Perform walkthroughs with HHSC Corporate Compliance & Privacy Officer to identify existing non-compliance areas and issues.
    4. Track and actively work to resolve non-compliance issues identified through the Security Workgroup and/or walkthroughs.
    5. On a routine basis, select an information security consulting firm to perform internal/external vulnerability assessment.
    6. Manage the relationship with the information security partner and coordinate all aspects of the security assessment projects.
  5. Serves as HHSC educator for information security; critical responsibilities for this duty include but are not limited to developing content for:
    1. General Orientation.
    2. Annual job specific role-based access training.
    3. IT department in-services.

B.  Information Security      45%

  1. Establish an information security program and management infrastructure to ensure that technology risks are identified and managed.
  2. Advise senior management about risks to the business due to the implementation of technology used to operate the business.
  3. Serve the role of Chief Information Security Officer to provide system-wide staff with a single point of contact for all issues involving information security including, but not limited to, general questions regarding information security, physical security of computers and facilities in which they are located, security alerts, viruses and breaches of security.
  4. Inform Executive Management of security breaches, information and related physical security issues and risks.
  5. Implement and maintain a process for defining the organization’s goals and objectives for information and related physical security.
  6. Review and advise on Security audit recommendations and responses.
  7. Ensures information security policies and procedures are established and implemented and contingency plans are in place that will provide continuing operations in the event of an emergency. Contingency plans would include disaster recovery procedures and emergency mode operation plans.
  8. Assist Legal and Compliance with E-Discovery.
  9. Analyze and evaluate new technologies for cost effective, efficient operation, and adherence to healthcare security requirements to support the HHSC environment; prepare feasibility studies, monitor technical design in relation to security changes.
  10. Identify opportunities for improving financial/clinical security processes through automation; prepare proposals to develop new systems or enhancements to existing systems.
  11. Determine allocation of resources and install schedules.
  12. Assure proper planning, engineering, documentation, installation and testing of systems to meet end-user requirements; manage system maintenance activities.
  13. Prepare budgetary cost estimates and develop project implementation proposals, documentation and scheduling; write technical specifications and request for proposals.

C. Other Duties                5%

  1. Works with Corporate Compliance & Privacy Officer to ensure information security policies and procedures are meeting all regulatory requirements.
  2. Performs other duties as assigned.

THE MINIMUM QUALIFICATION REQUIREMENTS ARE: Applicants must meet all of the following requirements.  Please note that unless specifically indicated, the required education and experiences may not be gained concurrently. In addition, qualifying work experiences are based on a 40-hour work week.

EDUCATION:  A Bachelor’s degree from an accredited university or college or equivalent work experience.

EXPERIENCE: Must have five (5) years general experience with functions pertaining to IT Security, Privacy, and Confidentiality; managing security projects, strategic planning related to security, and quality control support.   Five (5) years management experience in IT security and/or managing a technical team in an information technology environment.

CERTIFICATION: Certification as a Certified Information Systems Security Professional is preferred. Knowledge of HIPAA, NIST CSF, and IT security best practices.

LICENSE:  None

KNOWLEDGE AND ABILITIES:

Knowledge of:  All areas of information and related physical security including but not limited to security alerts, warnings, computer virus activity, and advances in security techniques.  Information use and flow in the organization, and understanding the rules and regulations pertaining to information security and confidentiality at both federal and state levels and healthcare industry standards.  Broad knowledge of current technical and procedural techniques in information and related physical security.

Ability to: Manage and direct workers including the ability to provide counseling and mediation; communicate effectively both orally and in writing; communicate clear expectations to subordinates and motivate them to perform effectively; establish and maintain good working relations with department personnel, staff, vendors, peers, and management; understand and learn a variety of business procedures and processes; develop new approaches and solutions outside of existing theories and principles; engage in high level consulting; advise and interpret policies, procedures and standards; prioritize requests for services.

Communicate technical, application and security related concepts to a broad range of technical and non-technical staff.  Identify and evaluate information and related physical security risks and exposures.  Establish liaisons with internal and external constituencies with respect to information and related physical security matters.

WORKING CONDITIONS AND PHYSICAL REQUIREMENTS:

Work to be performed primarily in an HHSC office setting.  Incumbent may be required to attend meetings in the Honolulu office, at locations throughout Oahu and throughout the State of Hawaii, and potentially the mainland United States.  Travel may require occasional overnight stays of one or more days out of town, or out of state.  Light lifting and carrying of papers and books up to fifty pounds will occasionally be required.  Occasionally and on short notice throughout the year incumbent will be required to work long, additional hours in the evenings and on weekends and holidays.

Please provide three (3) professional references (name, job title, employer, work/cell number and email), along with your salary expectation. 

To apply for this job email your details to jobs@hhsc.org