Under limited supervision by the Director of Technology and the Chief Information Security Officer, the Information Security Engineer will be responsible for the cyber defense function of HUH. He or she will contribute to the selection, deployment, and operation of cyber defense technologies, including firewalls, monitoring tools, malware detection, and log analysis tools across HUH. He or she will be an expert in the adoption of cyber security frameworks (e.g., NIST, HITRUST, FISMA, and ISO) and regulations specific to healthcare (e.g., HIPAA and HITECH). He or she will contribute to enterprise policies related to data use, network access, and appropriate use of computer equipment.
No direct reports
NATURE AND SCOPE:
Internal contacts may include senior administrators, faculty, physicians, nurses, other clinicians, and staff.
External contacts may include partners, regulators, vendors, and contractors.
Conduct cyber security audits, penetration tests, and investigations of cybersecurity incidents.
Responsible for coordinating cyber threat mitigation, security breach detection, containment, and restoration activities, and for contributing to HUH’s disaster response plan.
Develop and disseminate information security awareness training materials and develop and deliver classroom training for employees.
Provide front-line response to detection systems and alarms
Investigate malware, targeted attacks, intrusion attempts, and vulnerabilities
Drive continuous improvement of response capabilities through automation and critical thinking
Participate in the development, documentation, implementation and evaluation of security policies, guidance and procedures
Assumes other duties and responsibilities that are related and appropriate to the position and area. The above responsibilities are a general description of the level and nature of the work assigned to this classification and are not to be considered as all-inclusive.
Promotes adherence to the Health Sciences Compliance Program, the Howard University Code of Ethics and the Health Sciences Standards of Conduct.
Attends annual and periodic mandatory Compliance Program training including the Health Insurance Portability and Accountability Act (HIPAA) Privacy training.
Participates in activities that promote adherence to federal healthcare program requirements.
Actively participates in Health Sciences Compliance Program activities.
Adheres to the requirements of the HIPAA Privacy Policies and Procedures.
Maintains confidentiality of patients, families, and staff.
Must demonstrate collaboration; accountability; respect; excellence; and service.
Works with team members and peers in and outside of their immediate work group to create an exceptional experience for patients, students and other visitors; looks for ways to achieve departmental/institutional results by partnering.
Accepts responsibility for his/her actions to provide health care and/or ancillary functions in a highly efficient and compassionate manner. The employee must function as a Steward (Have Ownership) of the Howard values that foster a commitment to improving the patient and student experience, organizational efficiency and the environment.
Embraces diversity; cares holistically for those we serve; treats all as we would like to be treated; manages the patient’s right to privacy with meticulous care 100% of the time and keeps patient and proprietary information about the institution confidential.
Anticipates the patient’s and student’s needs, presents as a model representative of the institution and maintains high standards of care while striving to improve performance and create exceptional experiences for our customers.
Behaves in a friendly, resourceful and professional manner towards all they encounter; treats patients, students and visitors in the same way that they would want their family members or themselves to be treated.
CORE COMPETENCIES:
Knowledge of various enterprise software technologies used in an acute care hospital
Critical and analytical thinking skills
Excellent collaborating and negotiation skills
Must have excellent written and verbal skills. Must be comfortable making formal presentations to senior management and executive level clients.
Proficiency in the operation of computers, related software applications (word-processing, spreadsheets, databases, graphic presentations, as well as other standard office equipment information systems, etc.) and standard office equipment.
Familiarity with project planning methodology and willingness to work in a team environment to complete projects in a timely fashion.
Must work independently on broad assignments and be capable of making decisions both involving projects as well as ongoing troubleshooting.
Ability to exercise discretion and ensure a high level of confidentiality.
Strong interpersonal skills and emotional intelligence.
Ability to work independently or as part of a team with a “roll up your sleeves” attitude.
Competence in both oral and written English.
Ability to establish and maintain effective and harmonious work relationships with staff, physicians, Hospital and University officials, and the general public.
B.S. in Computer Engineering, Computer Science, or other similar area.
7+ years of experience as a Network or Systems Engineer for a complex organization, including 2+ years in Security Systems
Knowledge of healthcare security and privacy regulations (HIPAA/HITECH).
Advanced knowledge of at least one information security framework (e.g., NIST, HITRUST, FISMA, ISO).
Certified Information Systems Security Professional (CISSP) certification and Healthcare experience are major pluses.
Must be able to stand, walk, sit, lift (12-25lbs), bend, write, type, file, speak, hear, see, calculate, compare, edit, evaluate, interpret and organize for extended periods of time.