Regional Information Security Officer

The Regional Information Security Officer (RISO) is responsible for executing and overseeing the system-wide information security program under the direction of the Chief Information Security Officer (CISO). The RISO promotes adoption of enterprise information security initiatives, assesses and manages risks, acts as an escalation point for security issues within their region, affiliate, or service line, and liaises between the business and System Services. The role involves coordinating efforts to ensure compliance with the UnityPoint Health (UPH) Information Security Program, safeguarding information assets, and performing ongoing risk assessments.

Location: Remote - applicants must reside in Iowa, Illinois, or Wisconsin, with monthly travel to UPH facilities.

At UnityPoint Health, you matter. We are recognized as a Top 150 Place to Work in Healthcare by Becker's Healthcare. Our Total Rewards program includes paid time off, parental leave, 401K matching, health and dental insurance, paid holidays, disability coverage, early wage access, tuition reimbursement, and adoption assistance. We foster a culture of belonging and provide support and development opportunities to help you thrive.

• Support projects to develop, implement, manage, and enforce security directives compliant with laws and mitigate risks.
• Manage the information security program, including policies, procedures, training, infrastructure, and monitoring.
• Integrate security with business strategies and ensure controls like access, disaster recovery, and incident response are addressed.
• Promote security awareness and conduct risk assessments and audits.
• Collaborate with vendors and third parties to enhance security measures.
• Monitor and report on the effectiveness of the security program.
• Coordinate with Privacy Officers to protect PHI.
• Stay updated on security threats, incidents, and regulations.

• Serve as the ISO for the region, providing guidance on security questions and concerns.
• Support UPH's strategic goals while addressing specific system needs.
• Monitor, investigate, and respond to security violations.
• Communicate policies and standards across all management levels.

• Oversee risk assessments and management processes.
• Assist with incident response, business continuity, and disaster recovery planning.
• Develop security awareness and training programs.
• Ensure compliance with UPH policies, standards, and legal requirements.
• Report non-compliance issues to authorities and leadership.

• Bachelor's degree required; equivalent experience acceptable if relevant to information protection.
• Minimum five years of experience in information security or healthcare regulations.
• Strong understanding of HIPAA, security controls, auditing, and disaster recovery.
• Excellent communication, planning, and organizational skills.
• Knowledge of computer systems, applications, and architecture.