Job Description
The Information Security Officer will be responsible for responsible for developing, implementing, and maintaining AMCE’s information security program, as well as protecting its data and systems from cyber threats. The role holder will also assess the security risks, implement security controls, and ensure compliance with relevant regulations and healthcare industry standards.
Core Responsibilities
Security Policy and Standards
Develop and implement a comprehensive information security policy framework that outlines AMCE’s security goals, objectives, and responsibilities.
Create detailed procedures for various security functions, including access control, incident response, data classification, and business continuity.
Conduct periodic reviews of security policies and procedures to ensure they remain relevant and effective.
Monitor adherence to security policies and procedures and take corrective action when necessary.
Risk Assessment and Management
Conduct regular risk assessments to identify potential security threats and attacks to AMCE’s information systems and data.
Analyze identified risks, assess their potential impact, and prioritize them based on severity and likelihood.
Develop and implement effective risk mitigation strategies, such as implementing security controls, conducting security awareness training, and establishing incident response procedures.
Continuously monitor the security landscape and adjust risk mitigation strategies as needed.
Security Audits and Assessments
Implement and maintain technical security controls, including firewalls, intrusion detection systems, intrusion prevention systems, and encryption technologies.
Implement and enforce robust access controls, such as strong authentication mechanisms, authorization policies, and role-based access control.
Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
Implement a timely management process to address security vulnerabilities and areas for improvement in software and operating systems.
Incident Response and Reporting
Develop and maintain a comprehensive incident response plan, outlining procedures for detecting, responding to, and recovering from security incidents.
Establish and train an incident response team to handle security incidents effectively.
Promptly investigate security incidents, document findings, and report to relevant stakeholders.
Conduct post-incident reviews to identify lessons learned and implement corrective actions to prevent future incidents.
Compliance and Auditing
Ensure compliance with relevant regulations, such as HIPAA by staying up-to-date on regulatory changes and implementing necessary controls.
Conduct regular security audits and assessments to identify and address security gaps.
Assess the security practices of third-party vendors and service providers.
Maintain accurate and up-to-date security documentation and reports.
Security Awareness and Training
Develop and deliver comprehensive security awareness training programs for all employees.
Conduct regular phishing simulations to assess employee awareness and responsiveness to potential threats.
Qualifications
Bachelor’s degree in Computer Science, Information Technology, or related field.
Master’s degree is an added advantage
Certifications such as CISSP, CISM, or CISA are preferred.
Minimum of 3 years of experience in information security, risk management, cybersecurity, or a related field.
Experience in a healthcare or similar regulated industry will be an added advantage.
Apply via :
jobs.smartrecruiters.com