Sample Security Officer Position Description (2003)

Position Title: Information Security Officer

Immediate Superior: Chief Compliance Officer, Chief Risk Manager, Chief Information Officer, or other senior executive

General Purpose: The Information Security Manager is primarily responsible for all ongoing activities related to the availability, integrity and confidentiality of patient, provider, employee, and business information in compliance with the healthcare organization's security policies and procedures, regulations and law.

Responsibilities:

  • Develops, in association with the organization's Information Security and/or Privacy Committee, the information security policies and procedures.
  • Implements the organization's information security policies and procedures.
  • Coordinates the information security compliance activities.
  • Provides direct information security training to the workforce.
  • Monitors compliance with the organization's security policies and procedures among employees, contractors, alliances and other third parties and takes corrective action. Manages information security incident response.
  • Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.
  • Performs information security risk analysis and periodic information system activity reviews for information security processes.
  • Coordinates the development of the organization's disaster recovery and business continuity plans for information systems, and tests readiness.
  • Serves as an internal information security consultant to the organization.
  • Monitors advancements in information security technologies.
  • Monitors changes in legislation and accreditation standards that affect information security.
  • Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
  • Serves as the information security liaison for users of clinical, administrative, and behavioral systems.
  • Reviews all system-related information security plans throughout the organization's network and acts as a liaison to the Information Systems Department, privacy officer, and Security and Privacy Committees.

Qualifications:

  • Baccalaureate degree in health information management or a related healthcare information technology field.
  • Possesses certification as Certified in Healthcare Privacy (CHP), Certified in Healthcare Security (CHS), or Certified in Healthcare Privacy and Security (CHPS).
  • Certification as a Registered Health Information Administrator (RHIA) or a Registered Health Information Technician (RHIT) with appropriate expertise and training in information systems.
  • Experience in project management and change management.
  • Knowledge of network infrastructure.
  • Knowledge of database applications.
  • Good presentation and communication skills.