Clinical Reference Laboratory, Inc
Lenexa, KS, United States
Executive, Manager, IT
GENERAL STATEMENT OF RESPONSIBILITY:
Holds overall responsibility for the cybersecurity of CRL and serves as CRL’s Security Officer. Primarily responsible for determining the efficacy of the enterprise-wide infrastructure and developing standardized enterprise-wide information security policies and procedures. Provides leadership in developing and implementing policies and procedures to ensure that cybersecurity measures meet all relevant legal, regulatory, client-mandated and internally generated requirements. Also responsible for supporting the execution of CRL’s quality management system as it applies to CRL’s IS department in the areas of software development, solution deployment and system administration.
Ensure CRL compliance with relevant information security laws, rules, and regulations by:
Creating and maintaining a forward-looking vision of best practices related to cybersecurity and a plan to bring that vision to reality.
Directing all aspects of corporate security and access control.
Implement policies and procedures to limit access to IS facilities and equipment.
Developing and implementing security guidelines, standards, procedures, and training for multiple platforms and diverse system environments.
Coordinating analysis and remediation of information system security and regulatory compliance risks.
Establishing and maintaining monitoring for security events; investigating, analyzing, and coordinating security event responses; and recommending appropriate corrective actions.
Supporting the development and management of CRL’s Data Center Recovery Plan and the security elements of CRL’s business continuity plan, including data backup and disaster recovery.
Developing and delivering continuing education regarding cybersecurity issues to IS staff, relevant stakeholders and workforce members.
Maintaining alignment with CRL Privacy Officer to ensure correlation of Security and Privacy activities.
Enforce enterprise compliance with information security laws, rules, and regulations by:
Working with constituent groups to create, document, implement, and manage policies, procedures, and practices that ensure the availability, integrity, and privacy of physical and information assets.
Reviewing the development, testing and implementation of security plans, products and control techniques.
Identifying and assessing security risks and exposures on new and existing infrastructure.
Developing and maintaining security best-practices, policies, and controls, and monitoring and recommending appropriate corrective action to ensure their compliance.
Monitor corporate compliance with policies and procedures related to physical access to all IS-related corporate facilities and equipment, such as computer rooms and systems, network rooms and equipment, telephone facilities, etc.
Implement policies and procedures to ensure the security and efficacy of CRL’s corporate email system.
Implement policies and procedures to ensure proper and appropriate access to and from the Internet and CRL’s internal networks.
Maintain and protect the confidentiality of all CRL and client information.
Be able to comply with all applicable federal, state, and local safety and health regulations that would apply to this job.
Evaluate enterprise information security and regulatory-compliance readiness by:
Creating and maintaining a forward-looking vision of best practices related to enterprise information security and a plan to bring that vision to reality.
Weaving cybersecurity into the overall corporate compliance plan.
Conducting active penetration tests; discovering vulnerabilities in information systems, recommending corrective action, and monitoring and escalating to ensure appropriate fixes are implemented.
Liaising with both internal and external contacts with regard to cybersecurity incidents.
Providing technical consulting in the development and implementation of cybersecurity strategies for both SBU and IS initiatives.
Performing security risk assessments of the different business units, relevant external suppliers and the corporate systems and infrastructure and reviewing network architecture, server administration, and product development.
Evaluating and recommending solutions, best practices, and standards for enterprise security infrastructure including authentication and authorization services, intrusion detection, firewalls, and virus management.
Support IS Business Directors by assisting, from a security and access control position, in applicable audits and client visits.
Securing communication channels and guarding against and responding to network attacks.
Knowing basic cryptography concepts and applying these concepts to security goals for managing digital signatures and securing applications.
Ensure the full execution of CRL’s quality management system as it relates to CRL’s cybersecurity by:
Conducting regular audits of software development and other IS processes to ensure appropriate quality is delivered in these processes.
Identifying, capturing and trending metrics to track the performance of the IS department related to completion of tasks on time, code defects and adherence to procedures.
Acting as a key stakeholder in the quality management system team.
Setting strategic performance improvement goals for the IS department related to its various service centers.
Assisting the IS department in executing on process improvement initiatives.
Other duties as assigned.
denotes essential job function
Bachelor’s degree in related discipline and/or work experience.
CISSP (ISC2), GISP (GIAC), GSLC (GIAC) or CSQE (ASQ) certification highly preferred.
Qualifications to acquire CISSP (ISC2), GISP (GIAC), GSLC (GIAC) or CSQE (ASQ) certification within 12 months of hire required.
5 years IS systems administration experience with some focus in IS security. 2 years programming experience. Broad understanding of IT systems, software, networks, and security concepts used to evaluate security performance and integrity of such systems. Strong technical as well as operational experience. Demonstrated successful execution of large-scale IS/IT projects in complex environments. Strong skills in assessing client needs and delivering on such requirements. Strong understanding of web technologies and demonstrated experience with business process analysis and implementation. Experience with assessment, architecture, implementation, and monitoring of relevant organizations, processes, and technologies. Experience working in a laboratory or other healthcare environment preferred, but not required.
SKILLS & ABILITIES:
Excellent analytical, troubleshooting and problem solving skills.
Ability to analyze, construct and document business requirements.
Understanding of business issues as well as technical requirements.
Ability to work independently to deliver results consistent with an integrated compliance and/or quality approach.
Strong ability to elicit, articulate, and document information in a well-organized manner.
Excellent communication, interpersonal, and team building skills and ability to form trusted relationships at all levels.
Keen understanding of QA principles and their application to software development and other IS/IT functions.
Capacity to think strategically and develop plans to bring strategic vision to practical results.
Ability to solve complex problems and issues using sound business judgment.
Proven ability to handle multiple priorities concurrently and be proficient using MS Office, Visio, SQL, and Oracle.
Ability to work effectively in a team environment and to influence others successfully.
Characteristics of being an energetic, detail-oriented self-starter who is resourceful and creative.
Must be able to operate a keyboard and mouse.
Personal computers, midrange systems, communications equipment (telephones, faxes).
Flexible work schedule and some travel required.
Clinical Reference Laboratory, Inc
Fax: 913-492-4308
Website: http://www.crlcorp.com