We are recruiting for a Manager, Information Systems Compliance and Risk, to join our Information Systems Department in Louisville, Kentucky.
Oversees, directs and provides guidance over IT Standards, Policies, and Procedures for IT products and services. Reports directly to the DVP, IS Finance & Administration.
Essential Functions: (Those functions that the individual who holds the position must be able to perform unaided or with the assistance of reasonable accommodation.)
Ensure the ongoing integration of HIPAA security initiatives with all IS related business strategies
In-depth knowledge of the HIPAA Security Rule, and knowledge of the HIPAA Transactions and Code Sets Rule and Privacy Rule
Administer periodic information risk assessments and audits according to HIPAA requirements
Understanding of technical security systems including networking, TCP/IP, firewalls, and content filtering
Policy and Procedures
Experience in developing security policies, procedures, and plans
Coordinates activities to improve IT compliance with Standards and Policies
Works with IT departments to ensure standards, policies and procedures follow practices established by ISO2700, COBIT, ITIL and other industry standards.
Oversees IT activities with the internal audit department and external audit entities
Ensure corrective action plans are responded to in a timely manner.
Chair the Compliance/Risk/Audit Committee
Strong documentation and communications skills; ability to present to all levels of management
Ability to understand and assess business risks and determine which countermeasures need to be applied
Understanding of the ISO/IEC 17799 framework
Responsibilities for addressing issues related to access controls, business continuity, disaster recovery, and incident response
Provides timely guidance to IT leaders and technical employees engaged in audit and regulatory compliance activities in accordance with current industry trends and good practices.
Proven experience with auditing standards and methods.
Demonstrates good interpersonal skills when working or interacting with co-workers, leadership, and internal and external customers.
Demonstrated knowledge of recognized IT processes and quality frameworks such as ISO, COBIT, ITIL and CMM.
Working knowledge of current industry regulation (e.g., SOX, HIPAA, PCI).
Proven knowledge of industry standard methodologies and best practices (e.g., Project Life Cycle, System Development Life Cycle, and Change Management processes) as well as technology risks including Internet/Intranet, network, operating systems and security.
Must read, write and speak fluent English.
Must have good and regular attendance.
Approximate percent of time required to travel:
Performs other related duties as assigned.
Bachelor's Degree in Cyber Security, Computer Science or a related field preferred.