
Job Information
XRHealth IT & Information Security Manager in Brookline, Massachusetts
Key Responsibilities:
Information Security Duties
Maintains knowledge of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to XRHealth's vision, mission, and operations.
Collaborates with leadership to develop company-wide information security policies and guidelines that align with external regulations and industry best practices.
Initiates and supports continuous improvement efforts.
Ensures efficient implementations of Incident Reporting and Response Systems to address security incidents and/or breaches, respond to alleged policy violations, and/or complaints from external parties.
Coordinates the development and delivery of an education and training program on information security and privacy matters for employees and other authorized users.
Manages information security vendors, consultants, and outside contacts to ensure strong partnership, service, and performance.
Provides input to the budget process to support strategic goals within industry benchmarks.
Serves as official corporate contact point for information security.
IT Duties:
Provide general user support and respond to internal IT requests; Act as escalation point for technical issues as needed
Maintain & support the Windows environment (packaging new applications, rolling out application updates, & configuration changes)
Resolve hardware & software incidents
Provide support for business applications including Microsoft Office 365, Teams, Salesforce
Assist in the administration of E-mail, Microsoft Teams, Active Directory, Zoom, Adobe, and other corporate IT and Security SaaS applications
Required Education/Experience:
Bachelor's degree in CIS, CS, Business Administration, or similar program, or combination of relevant education and experience. Master's degree is a plus.
3-5+ years relevant experience in information security and/or information technology with at least 1 year in healthcare industry.
Healthcare experience and familiarity with HIPAA, PCI-DSS, or NIST is required.
Professional certifications (CISSP, CISA, CISM or CASP) a plus.