Information Security Officer

This job is no longer active.

POST DATE 9/8/2016
END DATE 10/8/2016

Hewlett Packard Enterprise Reno, NV

Company: Hewlett Packard Enterprise
Job Classification: Full Time
Company Ref #: 29679607
AJE Ref #: 576121432
Location: Reno, NV
Experience: Mid-Career (2 - 15 years)
Job Type: Regular
Education: Bachelors Degree

JOB DESCRIPTION

In this role, the selected candidate will review reports generated by NESSUS vulnerability scanning. Work with the leverage groups to remediate findings or create a Business Case Justification to accept the risks identified that cannot be remediated on a monthly basis.

Hewlett Packard Enterprise - Enterprise Services (HPE ES) is a leading global technology services provider delivering outsourcing services and business solutions to clients around the world. HPE ES founded the information technology outsourcing industry nearly a half-century ago and today delivers one of the industry's broadest portfolios of information technology, applications and business process outsourcing services available on the market today.

Location: Reno, NV

THIS POSITION REQUIRES HEALTHCARE EXPERIENCE. State Agency Healthcare experience highly desired.

Description

General oversight of privacy and security related to HIPAA Privacy and Security rules and Commonwealth of Kentucky privacy laws. The Account Security Officer is a trusted resource both for the HP staff supporting the Commonwealth of Kentucky and the Commonwealth itself.

Responsibilities include the following:

- Understanding of HIPAA Privacy and Security regulations and state/local privacy laws.
- Evaluate the day to day work conducted on the CLIENT account and conduct risk assessments to determine impact to HPE and the Commonwealth.
- Review Policy Compliance Management reports generated by HPSA with the Security Administrator. Work with the leveraged ITO groups to remediate findings or create a Business Case Justification to accept the risks identified that cannot be remediated on a monthly basis.
- Review reports generated by NESSUS vulnerability scanning. Work with the leverage groups to remediate findings or create a Business Case Justification to accept the risks identified that cannot be remediated on a monthly basis.
- Work with the account Security Administrator to review and approve user access requests for all applications supporting the account.
- Review user inactivity reports for single sign on application, database, UNIX, and Windows environments on a monthly basis.
- Conduct monthly reviews of privileged access to database, UNIX, and Windows environments.
- Conduct annual user access reviews with account business unit managers.
- Coordinate QEX secure baseline audit and HIPAA audit modules on a monthly basis. Remediate any findings from the audit or create a Business Case Justification to accept the risks identified that cannot be remediated.
- Coordinate full risk assessment of the QEX baseline audit and HIPAA audit modules every three years. Remediate any findings from the audit or create a Business Case Justification to accept the risks identified that cannot be remediated.
- Coordinate annual SSAE16 audit with various Client resources and third party auditors. Remediate any findings as a result of the audit or create a Business Case Justification to accept the risks identified that cannot be remediated.
- Review SOC1 report with Reno Office of Administrative Technology Services privacy and security team.
- Conduct monthly meetings with privacy and security staff to review threat environment for the client and address any concerns with compliance activities.
- Attend change order release meetings and evaluate change orders for risk related to privacy and security of customer data.
- Maintain and review Acceptable Use policy with business unit managers. Items reviewed include monitoring workstation computers to ensure they are locked when unattended, staff are following clean desk protocol, and personal electronic devices are not connected to workstations.
- Work with the onsite trainer to conduct HIPAA new hire training for new hires and transfers from non-healthcare accounts.
- Conduct continuation training with business units to review how HIPAA impacts their specific job roles. Training is less formal and allows the team to ask questions specific to their day to day duties.
- Maintain all documentation supporting HIPAA compliance including Privacy and Security Manual, Risk Management Plan, Incident Response Plan.
- Work with the client during the annual disaster and recovery drill. A desktop drill is conducted to demonstrate the effectiveness of the drill, that all applications are working, and that the integrity and availability of data are maintained.
- Attend mandatory monthly HealthCare Privacy Workgroup (PSWG) meetings and weekly infrastructure meetings with the operations team, client Security Administrator, etc.
- Attend monthly meetings with ITO Security Administrator to assess health of the account and develop plans to further tighten privacy and security of the state healthcare agency.
- As needed, draft incident reports and review with both the client account management and privacy team, and security staff at Office Administrative Technology Services. As part of the incident response plan, evaluate the root cause of the incident and implement any remediation steps necessary to preclude any future incidents.
- Conduct quarterly reviews of badge access for the client's facility and take any corrective action needed to update access.
- Review weekly and monthly log monitoring reports from ArcSight.
- 24/7 availability for any emergencies including any privacy and security events reported by the SIEM SOC and 24/7 availability to address privacy and security incidents in general.
- Evaluate the client's day to day operations for compliance with all HCI Directives and implement corrective action as needed.
- Provide support to the client with any questions related to compliance with HIPAA as it relates to their day to day activities.
- Participate in monthly Incident Reporting COE to evaluate HPE internal process and to help the ASO community better report and remediate privacy and security incidents.
- Attend Information Risk Management Knowledge Sharing sessions and weekly HCI ASO team meetings to collaborate and learn from other team members.
- The Information Security Officer is the assigned backup for the account Security Administrator.

This is the list of core responsibilities for the Account Security Officer and is not all-inclusive. The Account Security Officer may perform additional duties as needed to support the HCI organization or the client account needs.

Qualifications

- 5+ years' experience in data privacy and security.
- Healthcare experience is required. State agency healthcare experience highly desired!
- Bachelor's or undergraduate degree or equivalent diploma, or combination of education, certification and relevant experience
- Experience with emphasis in information security and regulatory or other compliance management
- Experience with risk management techniques.
- Experience with health care environments and compliance planning and implementation
- Excellent understanding of project management principles.
- Knowledge of regulatory compliance requirements including HIPAA/HITECH, PCI, ISO, SSAE16, Safe Harbor, and Data Privacy
- Skilled in planning, problem solving, analysis, collaboration, and communication
- Knowledge of HPE operations and methodologies a plus
- Proficient with Microsoft Office suite (Word, Excel, PowerPoint) & SharePoint
- Professional certification such as CISSP, GSEC, etc. a plus
- Excellent communication skills; written and verbal
- Team player

Thanks for taking the time to review our job. If you think it is a match to your experience and interests, please apply today; we are eager to hear from you! If you know a friend who may be a fit for the job, please refer them.

Hewlett Packard Enterprise is an equal opportunity employer. We welcome the many dimensions of diversity.

Accommodation of special needs for qualified candidates may be considered within the framework of the HPE Accommodation Policy.

HPE benefits package includes state of the art medical, dental, vision, flex spending, life insurance, LTD &