- Remote: Yes
- Area of Interest: Business Professionals
- FTE/Hours per pay period: 1.0
- Department: Information Protection
- Shift: 80/M-F
- Job ID: 162855
Overview
The Regional Information Security Officer (RISO) is responsible for the execution and oversight of the system-wide information security program at the direction of the Chief Information Security Officer (CISO) as it relates to the RISO's region, affiliate, or service line. The RISO is responsible for promoting adoption and supporting the enterprise information security initiatives; assessing and managing information security risks; acting as the escalation point for information security issues for the region, affiliate, or service line; and serving as the liaison between the business and System Services to promote, reinforce, and ensure compliance with the UnityPoint Health (UPH) Information Security Program. The RISO will coordinate efforts with the UPH CISO and other RISOs to share knowledge, resources, and information in order to know and understand the information security policies, procedures, guidelines, and standards and how to most appropriately apply them. The RISO is responsible for safeguarding information in all forms and the associated assets within their region, affiliate, or service line, which is accomplished by the performance of regular and on-going risk assessments of administrative, physical, and technical controls and management of the risk mitigation plan(s).
Location: Remote - applicants required to live in Iowa, Illinois, or Wisconsin as there is monthly travel to the UPH facilities.
Why UnityPoint Health?
At UnityPoint Health, you matter. We're proud to be recognized as a Top 150 Place to Work in Healthcare by Becker's Healthcare several years in a row for our commitment to our team members. Our competitive Total Rewards program offers benefits options that align with your needs and priorities, no matter what life stage you're in. Here are just a few:
- Expect paid time off, parental leave, 401K matching and an employee recognition program.
- Dental and health insurance, paid holidays, short and long-term disability and more. We even offer pet insurance for your four-legged family members.
- Early access to earned wages with Daily Pay, tuition reimbursement to help further your career and adoption assistance to help you grow your family.
With a collective goal to champion a culture of belonging where everyone feels valued and respected, we honor the ways people are unique and embrace what brings us together. And, we believe equipping you with support and development opportunities is a vital part of delivering an exceptional employment experience. Find a fulfilling career and make a difference with UnityPoint Health.
Responsibilities
Advancement of Information Security Program in Region, Affiliate, or Service Line
- Support projects to create, implement, manage, and enforce information security directives as mandated by federal, state, and local agencies and to appropriately mitigate information risks
- Support the development and ongoing management of the information security program for UPH including policies, procedures, guidelines, awareness and training plan, overall security infrastructure, and monitoring
- Ensure the ongoing integration of information security with business strategies and requirements within the region, affiliate, or service line
- Ensure access control, disaster recovery, business continuity, incident response, risk management, and other information security best practices are properly addressed in the region, affiliate, or service line
- Support information security awareness and training initiatives to educate workforce about information risks and how to mitigate them
- Participate in on-going information risk assessments and audits to ensure that information systems are adequately protected and meet all regulations
- Work with vendors, outside consultants, and other third parties to improve information security within the organization
- Monitor the effectiveness of the information security program throughout region, affiliate, or service line and provide regular reports to the local Compliance Committee and the CISO
- Work closely with the Regional Privacy Officers for ongoing application of technology functionality to protect PHI
- Stay up-to-date with current and emerging information security threats, reported incidents and new and updated data protection laws and regulations
Customer Service
- Fulfills the ISO role for the assigned region, affiliate, or service line
- Advises, communicates, and responds to individuals regarding information security questions and/or concerns
- Supports the UPH strategic direction and balances it with the specific business and information systems needs of the customers
- Performs daily monitoring, investigation, and mitigation of security violations
- Understands system security requirements by business function
- Communicates with all levels of management and end users concerning the policies, procedures, standards, and guidelines related to information security
- Ensures that the communication occurs and is appropriate at each level
Information Security Standards, Policies, and Compliance
- Oversees risk assessment and risk management processes for their assigned region, affiliate, or service line
- Assists in the investigation, planning, documentation, implementation, maintenance, and testing of incident response, business continuity, emergency operations, and disaster recovery plans and audit controls
- Assists in the development of an education program that promotes security planning, awareness and training throughout the organization
- Provides expertise to projects to ensure compliance with UPH policy, security and privacy standards, and state and federal laws and regulations
- Reports non-adherence and non-conformity to standards and policies to local governing bodies and the CISO
Qualifications
- Bachelor's degree is required. Equivalent education and work experience will be accepted only if previous experience applies to specific work in the information protection field
- At least five (5) years of experience in information security or healthcare regulations
- Broad understanding of HIPAA compliance regulations, information protection and technology controls, auditing processes, and disaster recovery/contingency planning
- Excellent communication, planning, and organizational skills
- Understands computer system functionality, limitations, and architecture of supported applications and platforms