Information Technology Specialist – (ISSO)

PLEASE NOTE - This position may require temporarily relocation to other TONHC Facilities: Sells Hospital, Santa Rosa Health Center, San Simon Health Center, and San Xavier Health Center.

Position Summary

The incumbent carries out vital projects that are central to the mission of securing the infrastructure and RPMS for the Tohono O'odham Nation. The work involves complying with, monitoring compliance with, and facilitating compliance with TON HC Hospital, HHS and I.H.S. security policies and the Tohono O'odham Nation.

This position supports high profile and high cost investments and projects that affect medical care and business practices within the TON HC. This position is under the supervision of the TON HC Hospital Chief Information Officer, Department of Information & Technology who provides general assignments and responsibilities in terms of broadly defined objectives, functions, or missions.

Essential Duties And Responsibilities

• Planning, coordinating, training, supporting, upgrading, maintaining and implementing information security for the infrastructure and RPMS.
• Responsible for coordinating information security requirements with TON HC Hospital, facilities, and I.H.S. ISSOs to ensure RPMS and infrastructure is adequately secured and meets all federal information security legislation, directives, policies, and procedures as well as security industry best practices.
• Provides technical and policy related support and coordination to the TON HC Hospital IT security program that affects TON HC Hospital health care organizations.
• Provides security policy and procedures implementation and maintains required infrastructure and RPMS documentation such as a system security plan, continuity of operations (COOP), emergency management plan (EMP) and Plan of Action and Milestones (POA&M).
• Participates in conducting security evaluations, testing, reviews, audits of processes such as risks and self-assessments, vulnerability scans and penetration tests, COOP/EMP testing and other security oriented processes.
• Plays an integral role in the certification and accreditation (C&A) process for RPMS including conducting reviews such as Security Control Testing and Evaluation (ST&Es), tracking progress, defining POA&Ms, preparing reports and guidance for various levels within the agency utilizing applicable regulation, law, policy, procedure, directives and guidance.
• Performs security duties related to the Federal Information Security Management Act (FISMA) and any federal directives or guidance as it becomes relevant. Conducts reviews of security logs, performs log analysis, and provides suggestions for improvement and mitigation of findings.
• Reviews, develops, tests, and recommends standard security configurations for the infrastructure and RPMS.
• Assists with internal and external system audits, incident response, and COOP and disaster recovery efforts as required.
• Coordinates with the Network Operations and Security Center (NOSC) personnel to ensure the infrastructure and RPMS is adequately secure.
• Coordinates with standards, configuration, and change management committees to ensure infrastructure and RPMS information security issues are properly addressed.
• Ensures consistency of implementation of security controls throughout the agency as well as determining if security controls are operating as intended creating a balance between business needs and security requirements.
• Reviews security software currently on the market which can be integrated with the infrastructure and RPMS, as appropriate.
• Assures software security is maintained, including the use and selection of software protection devices, which prevent unauthorized access to system programs or data.
• Routinely accesses information security advisories (US-CERT for example), and other Security Bulletin Boards, Web sites, etc. Reviews and evaluates all new information and obtains documents required to ensure adequate security for the infrastructure and RPMS.
• Recommends changes to security policies or procedures based upon findings. Keeps current of state-of-the-art information security equipment/software and applicable legislation, directives, policies, and procedures.
• Contributes to Enterprise Architecture Management, Software and System Acquisition Management and Investment Control management.
• Ensures the security of infrastructure and RPMS while balancing the needs of system end-users in multiple lines of business throughout the TON HC Hospital Health care systems.
• Responds to infrastructure and RPMS security related priorities set by the I.H.S. Office of Information & Technology, I.H.S. Information Systems Advisory Committee and TON HC Hospital CIO.
• Collaborates with staff of the Office of Information & Technology to ensure that infrastructure and RPMS adapts and conforms to evolving industry standards, legislative and regulatory mandates for system security and privacy. Identifies areas of noncompliance and recommends remediation plans as needed.
• Contributes to a team effort.
• Performs other job related duties as assigned.
  
  

Knowledge, Skills, And Abilities

• Knowledge of the Tohono O'odham culture, customs and traditions.
• Expertise implementing practices and principles relating to computer, network and telecommunications security in a federal information systems environment.
• Expertise in developing system security plans, performing risk analyses, conducting security test and evaluations, and developing and testing contingency plans.
• Knowledge of health care industry information technology and security requirements.
• Knowledgeable of Indian Health Service systems operations and their interactions with tribal systems.
• Knowledge of the Mumps/M Programming Language.
• Knowledge of Cache and Ensemble database systems.
• Expertise and skills that demonstrate proficiency in the system design, installation, testing, troubleshooting, and securing multiple environments such as Microsoft Windows/AIX/Linux, UNIX, Networks, Telecommunications, and relevant software on a range of hardware platforms and in a broad scale environment including Personal Computers and related Operating Systems and application software.
• Expertise and skills with developing plans for and performing analyses and conducting tests on network, server, and personal computer information technology.
• Ability to work in a dynamic environment to support multiple federal, tribal, contractor, and other government partners at various locations in particular with constantly changing information security needs.
• Knowledge of RPMS and an understanding of its value to the TON HC Hospital primary business activity of patient care.
• Ability to organize work, set priorities, and determine resource requirements; determine short or long term goals and strategies to achieve them; coordinate with employees to accomplish goals; monitor progress, and evaluate outcomes.
• Ability to communicate orally and in writing.
• Ability to make effective presentations and develop memoranda, letters emails, briefings and reports.
• Ability to effectively interact with Management Officials within I.H.S. in order to foster good working relationships in instances where issues are controversial and the potential for disagreement exists.
• Ability to serve as a spokesperson for DIS or RPMS security related topics.
• Ability to negotiate and coordinate with managers, staff workers and counterparts in the researching of security related issues.
• Ability to develop informed responses and recommendations regarding those issues.
  
  

Minimum Qualifications

• Bachelor's Degree in Computer Science or related field and four years' work experience in system administration, computer operations, system networks, or an equivalent combination of training, education, and work experience which demonstrates the ability to perform the duties of this position.
• Two year work experience in security management to include experience with project tracking and hands-on experience in successfully managing and executing cross-functional strategic projects, or an equivalent combination of training, education, and work experience which demonstrates the ability to perform the duties of this position.
  
  

Licenses, Certifications, Special Requirements

• Upon recommendation for hire, a criminal background check is required to determine suitability for hire, including a 39-month Motor Vehicle Record.
• May require possessing and maintaining a valid driver's license, (no DUIs or major traffic citations within the last three years).
• If required, must meet the Tohono O'odham Nation tribal employer's insurance requirements to receive a driver's permit to operate program vehicles.
• Based on the department's needs, incumbents may be required to demonstrate fluency in both the Tohono O'odham Language and English as a condition of employment.