Chief Information Security officer (Not to exceed $180k)

DISTINGUISHING FEATURES OF THE CLASS: This senior-level position involves performing cybersecurity activities to protect Lewis County Health System assets (data, systems and infrastructure) through identifying and responding to threats and risks to the informational technology infrastructure.  This position is responsible for guiding and assisting the organization in control of system security activities to ensure the safekeeping and protection of data and system assets from illegal, intentional, or unauthorized disclosure, use, modification, or destruction. This position will develop, plan, and implement an information systems (IS) strategy that meets the facility’s needs, delivers optimal customer service, and maintains Responsibilities include maintaining board level involvement with cybersecurity postures and platforms, in coordination with external security agencies and regulatory requirements, interfacing with departmental coordinators to educate, discuss and/or resolve security issues and problems, and performing analyses of data security systems. 

TYPICAL WORK ACTIVITIES:

●  Oversees projects and assignments within the Information Systems department;

●  Leads efficient operation of the team so that prompt modernization and upgrades of Is are performed as needed;

●  Identifies new IS system developments and technologies and anticipates resulting organizational modifications;

●  Ensures that IT and network infrastructure adequately support the organization’s  computing, data processing, and communication needs;

●  Assists in the development and maintenance of facility cybersecurity programs, security tools, documentation, policies and procedures to reduce cyber security risks in the organization;

●  Assists in the implementation of data access security measures by identifying, analyzing, and resolving cyber security and system problems relating to data security access, for applications, network, and computer programs;

●  Investigates security incidents concerning data access violations, breaches and data loss prevention of sensitive data;

●  Maintains documentation regarding non-public information life cycle, including data creation, at rest, in transmission, and external delivery;

●  Develops and maintains risk-based security controls and access level job classifications for internal and external access to non-public information;

●  Participates in information security risk analysis and risk management processes with internal and external resources;

●  Monitors and audits the information security systems to isolate and identify occurrences of illegal or unauthorized access;

●  Monitors and audits external third party compliance with cybersecurity regulations and business associates agreements;

●  Investigates and corrects cyber security related vulnerabilities and problems to ensure data information system integrity and a secure environment;

●  Audits, tests and evaluates commercial and proprietary security software fixes, patches and runs to improve system performance and efficiency;

●  Assists in developing, maintaining, training, and annual testing of downtime preparedness, incident response, business continuity, and disaster recovery operational plans;

●  Performs analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provides remediation recommendations.

●  Conducts forensic investigations as required. Collects, seizes, handles and analyzes digital evidence and identifies elements discovered during investigations for their potential use as evidence in criminal or other investigations;

●  Participates in the continuous monitoring and protection of technology resources and determines events that require investigation and response;

●  Participates with local, state, and federal cybersecurity support and enforcement agencies in the event of required incident response;

●  Performs analyses of data security systems to regularly report to management and Health System Board of Managers regarding system security risks and corrective action;

●  Develops and implements the IT budget;

●  Conducts performance evaluations that are timely and constructive;

●  May perform other tasks, as needed.

FULL PERFORMANCE KNOWLEDGE, SKILLS, AND ABILITIES:  

Thorough knowledge of state-of-the-art computer security; thorough knowledge of internal  computer logic, programs and facilities; thorough knowledge of the operation and use of  internally stored programmed logic; thorough knowledge of computer performance monitoring  techniques; thorough knowledge of TCP/IP and OSI Model networking concepts; thorough  knowledge of best practices regarding malware, emerging threats, attack vectors, and  vulnerability management; good knowledge of organization structure and its relation to work  flow; good knowledge of requirements and capabilities of municipal or health system hardware  and software related equipment; working knowledge of network and security analytical tools  and applications in performing work assignments; ability to comprehend and integrate complex  computer technology, facilities and software into a working system of Data Access Security;  ability to read, interpret and apply technical information; ability to analyze and identify security  problems quickly and efficiently coupled with an ability to recommend appropriate resolutions to  same; ability to communicate complex solutions and concepts effectively to technical and non technical audiences both orally and in writing; ability to analyze and evaluate operational data;  ability to establish and maintain effective working relationships with associates, users and  vendors; ability to read, write, speak, understand, and communicate in English sufficiently to  perform the essential duties of the position; resourcefulness; initiative; tact; physical condition  commensurate with the demands of the position.

SUGGESTED MINIMUM QUALIFICATIONS: Either:

A.    Graduation from a regionally accredited or New York State registered college or university with a master’s degree in cybersecurity, networking, computer science, business administration, or closely-related field and three years of experience in administration of information systems and technology with increasing level of responsibility; or

B.     Graduation from a regionally accredited or New York State registered college or university with an bachelor’s degree in cybersecurity, networking, computer science, business administration or closely-related field and five years of experience as defined in (A); or

  C.     An equivalent combination of training and experience as defined by the limits of (A) and (B) above.

 To apply send/fax resume to: Human Resources, Lewis County General Hospital, 7785 N. State Street, Lowville, NY 13367, Phone: 315-376-5202 Fax: 315-376-5572 or email: hr@lcgh.net. LCHS is an equal opportunity provider and employer.