Information Security Officer (ISO)

May 04, 2021

Position Title: Information Security Officer (ISO).

Supervisor: Chief Executive Officer

Description: The ISO oversees all ongoing activities related to the development, implementation, and maintenance of, and adherence to, the organization’s policies and procedures covering the security of, and access to, patient health information in compliance with federal and state laws and the healthcare organization’s information privacy practices.


  • Provides development guidance and assists in the identification, implementation, and maintenance of organization information security policies and procedures in coordination with organization management and administration and the Compliance Committee.
  • Serves as a member of the Compliance Committee.
  • Performs initial and periodic information security risk assessments and conducts related ongoing compliance monitoring activities in coordination with the entity’s other compliance and operational assessment functions.
  • Identifies key security initiatives and standards, e.g., virus protection, security monitoring, intrusion detection, local and remote access control policies, and other technical security services and technical security mechanisms.
  • Ensures delivery of initial security training and orientation to all employees.
  • Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s security policies and procedures in coordination and collaboration with the HIPAA Privacy Officer.
  • Initiates, facilitates, and promotes activities to foster information security awareness within the organization and related entities.
  • Monitors HIPAA compliance and takes necessary actions.
  • Reviews all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information technology department.
  • Maintains current knowledge of technical security services and mechanisms and monitors advancements in information security technologies to ensure organizational adaptation and compliance.
  • Serves as information security consultant to the organization for all departments and entities.


  • BA, BS or graduate degree in Computer Science, Information Management, or related field.
  • Certifications as HealthCare Information Security and Privacy Practitioner (HCISPP) and Certified Information Systems Security Professional (CISSP) are expected; Certified Information Security Manager and/or Certified Information Security Auditor are desired.
  • Experience in information technology and security, including experience interfacing with vendors.
  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff.
  • Experience with disaster recovery planning, testing, configuration management, auditing, risk analysis, business resumption planning, and contingency planning, as well as contract and vendor negotiation.