ERT is excited to start searching for a new position within our IT team: the Director, Security & Risk Management. This critical person will report to the Chief Information Officer. The role is to lead ERT’s efforts to ensure that it protects the information it collects, maintains, and distributes, electronically or otherwise. The role is responsible for ensuring that appropriate security policies, standards, procedures and IT infrastructure (including servers, databases, personal computers, 3rd party hosted services, and mobile devices) are designed and maintained to protect ERT’s information, both clinical data that ERT is a steward of for customers, and internal data. The role will be responsible for building on the current information security strategy at ERT, and working with senior management across ERT to ensure that budget, planning, infrastructure and implementation of information security initiatives can be managed efficiently.
This is a wide-reaching security role, and requires an individual with a sufficient technical background, a solid understanding of data security, and a demonstrated knowledge of compliance-related laws and regulations. The person in this role should be well versed in building information security programs to attain a high level of maturity. This position carries the responsibility to ensure the timely identification, remediation and tracking of technical, procedural and policy-based items that may impact the security, use and stewardship of ERT’s customer and corporate data and information systems. Writing policies and documentation, communicating complex topics with ERT organizations and training on new policies and procedures are key responsibilities.
The role will work with various ERT departments in assessing, developing, implementing, and maintaining information security standards, and in communicating policies and procedures related to information security, within ERT data centers, SaaS and cloud environments.
Finally, this position will implement control frameworks, ensure adherence to HIPAA/HITECH and 21 CFR Part 11, and manage security across all IT departments to ensure auditable and documented end-to-end processes for the operation and handling of ERT’s data and systems.
Define policies, procedures, communications and training for the following:
Qualifications and Skills Needed