The mission of the Information Security Team is to deliver and maintain Eastern Maine Healthcare Systems’ (EMHS) Information Security Program as defined in its charter from the EMHS Leadership Council. This program is to safeguard information and system assets against unauthorized use, disclosure, modification, damage or loss. The administrative needs include establishing and maintaining a security organization, developing a cost-effective and integrated security program that supports the accomplishment of the goals and priorities of EMHS.
The activity is critical for the integrity, accessibility and security of patient and organizational information belonging to EMHS and its members. This position builds an in-depth knowledge of systems in use by EMHS Information Systems (IS) and a current awareness of emerging technology, regulatory requirements and potential threats, and applies this knowledge to minimize risk to the information systems of EMHS. This position supports risk analyses of proposed systems and recommendations for consideration by senior managers during decision making. The ability to support the application of creative and innovative solutions to problems, threats and issues is needed for this position.
Under direct supervision of Management, build an understanding of the clinical and business operations of inpatient services, ambulatory, and physician practices within the EMHS structure, including Home Office and Member Organizations. The position directly enables EMHS to comply with the Federal Information Security Management Act (FISMA), Meaningful Use Security and Privacy and HIPAA/HITECH requirements. This is accomplished through the following:
- Maintenance of assigned documentation and policies.
- Monitoring assigned system and user activity.
- Maintenance of assigned monitoring applications.
- Support of the Certification and Accreditation Process.
- Support of assigned Risk Assessment and remediation activities.
- Providing appropriate user access to supported applications.
Information Security Analysts present a professional image in conduct, attitude and attire and have positive can-do attitudes. This position is a role model for following EMHS policies, upholding professional standards, and performing all work in a manner respectful of others. This position regularly and consistently acts with the best interest of the organization, the patient, and the customer in mind.
Serves as a role model by delivering quality customer service, establishing appropriate expectations of customer service within assigned areas, and taking appropriate corrective action when needed. Recognizes and fosters excellent customer service and ensures all customers are treated courteously and with respect and are responded to quickly, while exhibiting an attitude that fosters cooperation, innovation, collaboration and teamwork.
Works with customers, IS staff and the Project Management Office to ensure that assigned projects are accomplished within the prescribed quality parameters, time frames, and funding limits. Uses the project management methodology as appropriate and is accountable for assigned project deliverables.
Education & Experience Required
Either of the following:
- A high school diploma combined with a minimum of 1 year of experience in information technology, preferably in a healthcare setting, and completion of a nationally accepted certification in information security such as is issued by the International Information Systems Security Certification Consortium (ISC)2, Global Information Assurance Certification (GIAC) or Information Systems Audit and Control Association (ISACA) within one year of employment.
- An Associate Degree in a major that is related to healthcare information security such as information technology, a healthcare career field, accounting, finance or business. A nationally accepted certification in information security such as is issued by the International Information Systems Security Certification Consortium (ISC)2, Global Information Assurance Certification (GIAC) or Information Systems Audit and Control Association (ISACA) is to be completed within one year of employment.
Other Skills Required:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
- Must be able to effectively communicate with clinicians, information systems resources, peers, and management staff from hospitals (from critical access hospitals to a tertiary referral center), other Member Organizations, and vendors in a manner that represents EMHS positively.
- Experience in a multi-site, multi-entity organization, with a management model similar to EMHS and governance models similar to EMHS, is preferred.
- Excellent organizational and interpersonal skills with experience working under pressure and in a rapidly changing environment.
- Must be able to effectively work with other IS functions for development and implementation efforts.
- The ability to read, analyze, and interpret complex compliance regulations and documents pertaining to information technology, privacy, clinical practice, healthcare policy, and business operations as well as draft policies, reports, and presentations on these areas.
- Effectively drafts information and responds to questions from groups of managers, clients, customers, and the general public.
- The ability to respond to inquiries or complaints from customers. Treats people with respect; inspires the trust of others; upholds organizational values.
- The ability to draft presentations, articles, policies and procedures and operating instructions for publication that conform to a prescribed style and format.
- The ability to draft information, ideas and concepts for presentation to both employees and vendors.
- Displays a willingness to make timely decisions while exhibiting sound and accurate judgment while seeking the appropriate people to include in the decision-making process.
- Ability to recommend solutions to practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.
- Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.
- The ability to apply basic mathematics and concepts such as fractions, percentages, ratios and proportions to practical situations.
- The ability to apply innovative, logical or scientific thinking to an assigned range of intellectual and practical problems.
- The ability to understand technical instructions and non-verbal symbols and deal with a variety of concrete variables.
- The ability to recognize and react to information security events in a prescribed, methodical and timely manner; seeking information from other sources as needed.
- Must be proficient with Microsoft Office.
- The physical demands described are representative of those that must be met by an employee to successfully perform the essential functions of this job in a normal office environment. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
- Must be able to facilitate meetings and conference calls for long periods of time.
- Must have access to transportation and be able to travel, sometimes overnight, throughout Maine, and to conferences and offices of vendors.
- Busy office environment seated at a desk or in meetings, walking or standing for extended periods of time, carrying meeting materials, and subject to a noise level that is usually moderate.
- Must be able to work variable hours and occasional weekends. Overnight travel may be required. Must hold a valid driver’s license and be willing and able to drive throughout Maine, and be a passenger on commercial aircraft, buses, and trains.
- When orientation is complete, will participate in Security off-hours call as scheduled.
Equal Opportunity Employment
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, disability status, gender, sexual orientation, ancestry, protected veteran status, national origin, genetic information or any other legally protected status.