Trillium Health seeks a versatile individual to fill the IT Business Specialist role. This position is accountable for maintaining the IT security risk registrar, IS&T project tracking system and assisting with IT Business Operations. The successful candidate will play a crucial role in ensuring the security and integrity of our information systems, focusing on managing the IT security risk registrar, including assigning tasks, setting deadlines, and providing the documentation required when a task is completed. The role will also manage the IT security training subscription and work with the Sr. IT Security Administrator to ensure a robust end-user training program. This position will be a liaison to departments to assist with IS&T project tracking and communications. Additionally, assist the AVP of IS&T with updating and maintaining all department contracts, metrics, and budget changes and managing the department's IT procurement activities and requests.
Key Job Responsibility Areas
General
Information Security Risk Registrar
Security Policy Development
IT Compliance
Security Awareness
Project Management
Miscellaneous
Detail of Key Job Responsibility Areas
General
Accountable for tracking and maintaining all information systems data and reports identifying potential security vulnerabilities and risks of infrastructure systems.
Accountable for working with the IT team or business liaison to ensure all identified risks have been addressed.
Collaborate with cross-functional teams to track security measures' impact on business processes.
Assists with the management of IS&T contracts to ensure compliance with regulations.
Assists with managing IS&T budget related to projects.
Must have strong communication skills (listening, written, and verbal) with the ability to communicate effectively with staff of varying technical expertise.
Foster relationship-building and internal and external rapport with all team members, with objectivity, credibility, confidentiality, proactivity, responsiveness, teamwork, and mutual respect.
Demonstrable ability to independently prioritize and manage own and others' time efficiently, including meeting target dates without overlooking critical tasks or issues needing resolution.
Participates in organization-wide planning activities to ensure information technology investments support the business plan and other tactical and operational priorities.
Assist with managing information technology vendor relationships to maximize the organization's value, including vendor performance and adherence to contract terms and conditions.
Promotes effective, open communication and develops collaborative working relationships with all levels of staff, clinicians, educators, researchers, and leadership.
Contributes to enterprise-wide committees, task forces and performance improvement teams.
Assist in monitoring IS&T KPIs to ensure that the quality and delivery of IT services meet desired targets.
Information Security Risk Registrar
In partnership with the Associate Vice President, Information Systems and Technology and the Sr. IT Systems Administrator:
Develop risk assessment reports and communicate findings to relevant stakeholders.
Responsible for tracking the progress of all IT-identified risks and risk mitigation strategies on the risk registrar.
Assist with maintaining an information systems control environment responsive to the risks across all aspects of the organization’s information technology environment.
Support an information security governance framework based on a nationally recognized catalog of security and privacy controls (e.g., NIST 800-53 rev. 5, CMMC).
Schedule and track activities related to the information security program to ensure the day-to-day activities required to carry out the information security strategy, including annual risk assessments, PCI DSS certification, and other applicable local, state, federal, and contractual requirements.
Participate in the organization’s risk management functions through the information security governance committee.
In conjunction with the compliance functions of the organization, participate in any information security audits.
Security Policy Development
Assist in developing, implementing, and maintaining information security policies, procedures, and guidelines.
Regularly review and update IS&T policies to align with industry best practices and evolving security requirements.
Stay informed about industry best practices and emerging threats, ensuring security policies are up-to-date and effective.
IT Compliance
Assist with monitoring and ensuring compliance with relevant laws, regulations, and industry standards and frameworks related to information security (e.g., HIPAA, PCI, PII, NIST 800-53, ISO 27002, NIST Risk Management Framework, NIST Cybersecurity Framework, NIST AI Risk Management Framework, and the NIST Privacy Framework as it relates to IT security).
Assist with the Payment Card Industry Data Security Standard (PCI DSS) compliance process, including the completion of the annual PCI DSS Self-Assessment Questionnaire (SAQ), the Report on Compliance (ROC), and an Attestation of Compliance (AOC) documenting that an ROC has been completed and the overall conclusion of the ROC. Perform PCI quarterly compliance reviews, ensuring adherence to PCI DSS requirements. Standardize one process and PCI device.
Support internal and external audits with our SOC/SIEM vendor, providing documentation and evidence of security controls.
Ensure that all IS&T contracts are reviewed and updated annually with the current language to support updated regulations.
Security Awareness
Promote a culture of security awareness and education among staff, conducting training sessions as needed and leveraging our vendor resources.
Keep stakeholders informed about the latest security threats and best practices.
IT Project Management: In partnership with the Associate Vice President, Information Systems and Technology:
Communicate with IS&T leadership and department liaisons related to project tasks.
Keeps IS&T leadership informed of key project activities and issues.
Assist with developing project plans, schedules, and budgets and track project progress.
Gather and document these requirements through various means and serve as a communication bridge between business stakeholders and technical teams.
Act as a change agent to help ensure that assumptions, development, and implementation of new systems/processes enhance the project's success and increase the project’s alignment with the business needs.
Identify, document, resolve, and escalate issues promptly.
Miscellaneous
Requires the ability and commitment to respect and support inclusiveness and diversity, including but not limited to individuals of different backgrounds, cultures, races, ages, sexual orientations, gender identities or expressions, experiences, opinions, etc.
Requires individual demonstration of commitment to the iCare values, Trillium behaviors and business impacts and modeling them in the organization.
Responsible for maintaining the confidentiality of all patient, client, employee, protected and proprietary information.
Employees are accountable for meeting the performance standards of their departments and must participate as requested in compliance audits, process improvement and quality improvement plans.
Other duties as assigned.
Qualifications
Associate degree in information technology or related field preferred.
At least two years of proven experience as a Business Specialist or in a similar IT role.
Experience in IT project management tracking preferred.
Knowledge of information security principles and best practices.
Experience with relevant regulations, standards, and frameworks, such as HIPAA, HITRUST, PCI DSS, and the NIST Cybersecurity Framework, desired.
Excellent communication and interpersonal skills.
Exhibit analytical skills and critical thinking to analyze problems, document needs, and communicate these needs to various audiences.
Demonstrate flexibility to adapt to new and changing information.
Demonstrate impeccable organization, attention to detail, and follow-up skills.
Be a self-starter, highly motivated, results-driven individual.
Possess a strong willingness to learn new technologies, platforms, and regulations and be comfortable working with unfamiliar technologies and processes.
Must be comfortable working and communicating with various user groups at all organizational levels.
Thrive in a team environment as well as in an individual setting.
Must be able to perform job functions with moderate supervision and drive collaboration across departments.
Physical Requirements
While performing the duties of this job, the employee is required to stand, sit, walk, use hands to finger, handle, or feel; reach with hands and arms; talk and hear. Occasionally, the employee must stoop, bend, lift, or move up to 25 lbs. Specific vision abilities required include close vision, distance vision, peripheral vision, depth perception and ability to adjust focus.
In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.