Information Security Administrator (Mississauga, CA)
The Information Security Administrator is part of the Information Security team and, under the direction of the Security and Privacy Officers, will partner with all business unit stakeholders and committees to understand the overall security program goals throughout the organization. The Information Security Administrator will be responsible for compliance initiatives and will collaborate with departments to ensure information systems are implemented in accordance with HIPAA privacy guidelines and security rule.
Work closely with both the Security and Privacy Officers to develop the security awareness and training programs; research, create, develop and enforce security policies, standards and procedures to ensure protection of the organization's security and systems as specified by HIPAA and other state and federal statutes.
Collaborate with IT to help ensure workforce members receive communications regarding compliant solutions and security controls to ensure all controls are implemented prior to approving the use of appropriate information security applications, storage devices, hosting and production and internal systems.
Research the latest technology enhancements related to HIPAA security, provide support and collaborate with multiple departments, including maintaining a strong relationship with IT to ensure HIPAA regulations and corporate policies are being met throughout the organization.
Perform periodic gap assessments, assist with internal and external audits and RFP security questionnaires.
Review technical, physical and administrative controls for existing and new systems and applications for HIPAA compliance; conduct business analysis to ensure business and technical requirements for all systems that store ePHI have been addressed and integrated into the design and function of systems and applications.
Perform technical and functional security reviews for systems that store ePHI and determine if the existing applications meet security and compliance requirements.
Provide IT and business resources guidance in interpreting security compliance requirements and performing application and system security assessments.
Respond to security issues; investigate security violations and issue corrective actions for compliance as required by the Privacy and Security Officers and assist in coordinating responses to state and internal audits.
Identify and/or review gaps related to access controls, business continuity, disaster recovery, and incident response and remediate any findings.
Must have knowledge of data security requirements under PHIPA, HIPAA and/or HITRUST.
Additional knowledge of other regulations and an understanding of NIST and ISO frameworks.
Strong interpersonal, organizational, time management, and problem-solving skills. Excellent documentation skills are a must.
Judgment and decision making; ability to apply general rules to specific problems to produce answers that make sense.
Teamwork; effectively participate and contribute as a member of a work group; ability to lead or follow others as appropriate in order to most effectively accomplish the goal or task at issue.
Communication; ability to clearly organize and effectively convey information.
Ability to work under pressure; work concurrently on multiple initiatives in different stages, pay attention to detail, meet inflexible deadlines, and deal with difficult individuals while maintaining composure.
Education and Experience:
Degree or relevant work experience.
5+ years' experience in an enterprise environment.
Prior experience in the following areas:
Security Policies and Procedures
Assessments, audits and certifications
Certified or working towards an Information Security certification with ISC² (CISSP), CISA, SANS or ISACA is considered an asset.
Here at Trapeze, we strive to ensure that our employees succeed in all aspects of their career. Our culture provides individuals with the ability and opportunity to collaborate, learn and grow. We encourage our employees to openly contribute ideas, whether you are a student, graduate, or current member of the team. From day one, you will be assigned tasks that are meaningful to both the success of our business and your career development.