Join our team at Mosaic as the Director of Information Security, in this role you will serve as the Information Security Officer (ISO), playing a pivotal role in safeguarding our sensitive data and systems. Your primary focus will be on ensuring compliance with the HIPAA Security Rule, utilizing the NIST Cybersecurity Framework (CSF). If you are a seasoned information security professional with a passion for healthcare and a commitment to excellence, we invite you to apply for this key leadership position!

Local Omaha Metro candidates are highly preferred!

Essential Job Functions:

• Develop, implement, and maintain a comprehensive information security program aligned with the HIPAA Security Rule, NIST CSF, and industry best practices.
• Conduct regular security assessments and risk analyses, specifically addressing vulnerabilities related to HIPAA compliance and NIST CSF controls.
• Implement and manage security controls, including firewalls, intrusion detection/prevention systems, and data encryption, ensuring compliance with HIPAA and NIST CSF requirements.
• Develop and deliver security awareness training and education programs for employees, emphasizing HIPAA and NIST CSF best practices.
• Respond to security incidents and breaches promptly, adhering to HIPAA incident response requirements.
• Stay current on the latest security threats, industry regulations, and NIST CSF updates, implementing preventative measures.
• Collaborate with various departments, business units, and healthcare stakeholders to integrate security into all aspects of operations and ensure HIPAA compliance.
• Manage security budgets and resources in alignment with HIPAA and NIST CSF requirements.
• Prepare and present security reports to management, highlighting HIPAA compliance and NIST CSF adherence.

Education & Experience:

• Bachelor's degree in Information Security, Computer Science, or a related field (Master's degree preferred).
• Minimum of 8 years of experience in information security, with a preference for healthcare settings.
• Certified Information Systems Security Professional (CISSP) or equivalent certification.
• Certified HIPAA Security Specialist (CHSS) or equivalent certification (preferred).

Knowledge, Skills & Abilities:

• Strong knowledge of Company policies and procedures.
• Ability to demonstrate Mosaic's 7 Essential Practices of Leadership.
• Experience with cloud security technologies.
• Proficiency in security governance, risk, and compliance (GRC) frameworks.
• Programming experience (e.g., Python, Bash).
• Strong analytical, interpersonal, and communication skills.
• In-depth understanding of the HIPAA Security Rule, NIST CSF, and other relevant healthcare regulations.
• Experience with security risk management, incident response, and vulnerability assessment tools.
• Strong critical thinking, problem-solving, and troubleshooting skills.
• Ability to identify and mitigate network vulnerabilities.
• Knowledge of firewalls, antivirus, and IDPS concepts.