This class is responsible for creating and publishing DHSS IT security standards, monitoring compliance and managing divisional enforcement of these standards in order to comply with Department, State and Federal mandates for properly securing electronic information along with the direction and management of DHSS disaster recovery and business continuity planning activities pertaining to the Biggs Data Center.
Nature and Scope
Under the direction of a technical administrative superior, the incumbent is responsible for providing leadership in the establishment, publication, and maintenance of DHSS IT security guidelines and standards. The incumbent in this class creates and periodically updates departmental IT security standards in order to keep departmental systems and data secure. The incumbent is responsible for managing divisional compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations as they apply to the storage and transmission of electronic Protected Health Information (ePHI). The incumbent serves in setting statewide security standards in conjunction with DHSS and DTI technical staff and responds to state and federal audit issues as they relate to DHSS systems and data. Directs incident management process in response to perceived threats and attempted and successful security breaches by staff, hackers and malicious or misdirected software. The incumbent will also be responsible for direction and management of all disaster recovery and business continuity planning activities pertaining to DHSS systems at the Biggs Data Center, including developing and updating plans, conducting tests, documenting the results of these tests and ensuring that these plans and processes are in compliance with State and Federal mandates and standards as required under HIPAA.
Essential functions are fundamental, core functions common to all positions in the class series and are not intended to be an exhaustive list of all job duties for any one position in the class. Since class specifications are descriptive and not restrictive, incumbents can complete job duties of similar kind not specifically listed here.
Establishes and manages divisional compliance with departmental security policies and procedures.
Promulgates policies and procedures to the Divisional Information Security Officers and publishes this information for management and staff awareness.
Creates and periodically updates departmental security policies and procedures in response to state and federal mandates, audit issues and perceived threats and breaches to DHSS systems and data.
Maintains current knowledge/expertise in appropriate security technology areas especially as it relates to state and federal mandates.
Provides training curricula for security education and awareness of departmental IT staff and division ISOs on security standards.
Provides security stakeholders those criteria and references as needed for choosing appropriate methods for security standards compliance.
Acts as primary DHSS expert on IT security issues, standards, and practices.
Acts as the manager of all disaster recovery and business continuity planning activities pertaining to DHSS systems at the Biggs Data Center. Coordinates with DTI as necessary.
Knowledge, Skills and Abilities
The intent of the listed knowledge, skills and abilities is to give a general indication of the core requirements for all positions in the class series; therefore, the KSA’s listed are not exhaustive or necessarily inclusive of the requirements of every position in the class.
Knowledge of concepts, processes, platforms, and practices of DHSS IT systems and data security.
Knowledge of IT areas that interface with security platforms and processes.
Skill in the methods and practices of effective facilitation among IT and management staff.
Skill in oral presentations, and in writing and presenting visual materials to individuals and groups.
Ability to work with conceptual security structures, outlines, and models.
Ability to identify and articulate appropriate security measures and issues as they relate to DHSS IT systems and data.
Ability to mediate and negotiate effectively and impartially.
Ability to understand and interpret federal and state security requirements especially as they relate to ePHI and HIPAA.
Ability to communicate effectively in speaking and in writing.
Ability to conduct training sessions on securing DHSS systems and data.
JOB REQUIREMENTS for DHSS Information Security Manager
Applicants must have education, training and/or experience demonstrating competence in each of the following areas:
Three years experience in information system security administration which includes planning, directing, coordinating, evaluating and monitoring IT security operations, establishing program objectives; planning short and long range program goals; developing, implementing and enforcing IT security program policies, procedures, rules and regulations, and ensuring compliance; providing security consultation to other organizational units.
Three years experience in disaster recovery and business continuity planning which includes developing, designing, and implementing plans.
Three years experience in information technology project management which includes planning, scheduling, staffing, coordinating, controlling, monitoring, evaluating and reporting on status of IT projects.