Principal Information Security Architect - 2200 River Plaza Drive

We are so glad you are interested in joining Sutter Health! 

Organization:

SHSO-Sutter Health System Office-Valley

Position Overview:

Is responsible for implementing solutions and activities related to the development, implementation, and improvement of the Sutter Health information assurance program to maintain compliance with applicable federal and state laws and regulations and outlined Sutter Health information security policies. Ensures that information assets are adequately protected using available solutions and information security best practices. Additionally, is responsible for driving the design and development efforts related to information security architecture, data confidentiality, integrity and availability as it aligns with the enterprise roadmap. May interact w/ functional leaders to support broad technical initiatives. Works on highly complex projects that require in-depth domain knowledge of two or more specialized architecture areas, have a solid understanding of information security tools and best practices as well as regulatory and compliance requirements that impact the security of the organization, including Health Insurance Portability and Accountability Act (HIPAA), and Health Information Technology for Economic and Clinical Health Act (HITECH).

(Intended for use by SHSO only)

Job Description:

EDUCATION:
Equivalent experience will be accepted in lieu of the required degree or diploma.

Bachelor's: Healthcare Administration, Information Technology-Security or related field


CERTIFICATION & LICENSURE:
CISSP-Certified Information Systems Security Professional within 1 Year of hire

HCISPP-Health Care Information Security and Privacy Practitioner within 1 Year of hire

OR MCSE-Microsoft Certified Systems Engineer within 1 Year of hire

 

TYPICAL EXPERIENCE:
8 years of recent relevant experience.


SKILLS AND KNOWLEDGE:
Extensive knowledge regarding compliance with security regulations, Office for Civil Rights, Federal Sentencing Guidelines, and healthcare laws and regulations

In-depth working knowledge of and experience implementing and operating an information security program based on HIPAA Security Regulations and other pertinent and applicable state and federal laws and regulations related to the protection of health information.

Working knowledge of electronic systems and emerging technologies that impact information security.

Knowledge of management of an effective ethics and compliance program, including training, monitoring, conducting and documenting investigations, addressing violations, and monitoring corrective actions.

Competency in compliance and risk management.

Knowledge of other disciplines outside own area of expertise, including business planning, clinical disciplines, human resources, finance, clinical and financial auditing, and information technology.

Understanding of information technology approaches, applications, tools, methodologies, and technology platforms.

Knowledge of architecture and interrelationships (technical and functional).

Knowledge of information security standards with an emphasis on National Institute of Standards and Technology (NIST) cyber security standards, guidance, and special publications, and their application in the technical operational environment.

Knowledge of applicable federal and state security laws and regulations, and a working knowledge of electronic systems and new technologies that may impact information security compliance.

Ability to function effectively in a dynamic and challenging environment and to affect change.

Ability to analyze problems and issues and to understand the legal and operational impact of decisions from a variety of perspectives.

Demonstrated ability to initiate, plan, execute, and control activities to meet requirements and timelines of system-wide initiatives or projects that are frequently driven by new or changing regulations.

Verbal, written, and presentation skills, including the ability to translate complex legal and regulatory requirements and issues into terms readily understood by management, line, and clinical personnel.

Ability to organize, prioritize, plan, and work effectively with managers to achieve compliance with objectives.

Demonstrated ability to maintain confidentiality and exercise good judgment as it relates to the handling of sensitive material

Advanced level of competency using Word processing, spreadsheet, presentation, and office communications applications, preferably the Microsoft Suite.

Ability to translate and provide sound advice to senior management regarding the impact of emerging industry trends in compliance enforcement, legislation, and regulations on Sutter Health’s business strategies and it’s not-for-profit mission.

Ability to understand and lead by communicating vision, exhibiting decisiveness, sponsoring change, and supporting the larger organization’s success.

Investigative skills, including the ability to skillfully obtain accurate, complete, and detailed information necessary to make accurate and well-founded determinations about compliance failure.

Ability to plan, organize, implement, and evaluate compliance and risk management programs in a healthcare setting.

Conceptual, analytical, and problem-solving skills in a complex environment.

Ability to lead diverse ad-hoc teams and facilitate through conflict resolution to create successful team results.

Experience with Enterprise Technology Architecture models, including TOGAF, Zachman, and NIST Cyber Security Framework, and NIST 800-160 (System Security Engineering).
 

Job Shift:

Days

Schedule:

Full Time

Shift Hours:

8

Days of the Week:

Monday - Friday

Weekend Requirements:

None

Benefits:

Yes

Unions:

No

This position is work from home eligible.

Position Status:

Exempt

Weekly Hours:

40

Employee Status:

Regular

Number of Openings:

1

Pay Range is $69.25 to $103.88 / hour

The salary range for this role may vary above or below the posted range as determined by location. This range has not been adjusted for any specific geographic differential applicable by area where the position may be filled. Compensation takes into account several factors including but not limited to a candidate’s experience, education, skills, licensure and certifications, department equity, training and organizational needs. Base pay is just one piece of the total rewards program offered by Sutter Health. Eligible roles also qualify for a comprehensive benefits package.