SC, United States
50 days ago
Associate Vice President of Information Security

Founded in 1906, McLeod Health is a locally owned and managed, not-for-profit organization supported by the strength of more than 900 members on its medical staff and more than 2,900 licensed nurses. McLeod Health is also composed of approximately 15,000 team members and more than 90 physician practices throughout its 18-county service area. With seven hospitals, McLeod Health operates three Health and Fitness Centers, a Sports Medicine and Outpatient Rehabilitation Center, Hospice and Home Health Services. The system currently has 988 licensed beds, including Hospice and Behavioral Health. The hospitals within McLeod Health include: McLeod Regional Medical Center, McLeod Health Dillon, McLeod Health Loris, McLeod Health Seacoast, McLeod Health Cheraw, McLeod Health Clarendon and McLeod Behavioral Health.

Essential Job Responsibilities/Expectations
1.   Serves as the organization’s Chief Information Security Officer (CISO).
2.   Conduct business in compliance with McLeod Health’s Code of Conduct, immediately report violations to the designated authority, and help investigate alleged wrongdoing.
3.   Interpret applicable federal and state law and regulations to plan audit parameters, determine compliance with such regulations and communicate necessary changes in compliance with regulatory requirements.
4.   Develop and execute a system-wide compliance audit plan, effective tools, and methodologies to ensure data integrity and compliance with federal and state regulations pertaining to healthcare program requirements for information technology security.
5.   Ensure McLeod Health is appropriately monitored for IT security compliance.
6.   Maintain a focus on high-risk areas to determine if appropriate controls are in place to adequately mitigate risks.
7.   Works collaboratively with others across the organization to help resolve areas of identified security risks.
8.   Develop an understanding of the operations, systems processes and procedures used in the areas being audited.
9.   Conduct security audits, review the results, and devise appropriate recommendations and corrective action plans.
10.   Manages the performance of subsequent audits to ensure completeness and oversees the execution of corrective action plans.
11.   Work in conjunction with the HIPAA Privacy Administrator on the successful development, execution, and completion of the annual HIPAA Audit Schedule.
12.   Evaluates the IT threat landscape and devises cybersecurity policy and controls to reduce risk by conducting auditing and compliance initiatives.
13.   Contribute to the development of cyber resiliency to rapidly recover from hacking, security incidents or infringements.
14.   Participate in the development and/or enhancement of an information security management framework.
15.   Develop and deploy continuous cybersecurity training.
16.   Recommend appropriate industry-standard policies and procedures and advise on content.
17.   Serves as a security liaison to Network Services.
18.   Generate periodic reports to the Corporate HIPAA Office on the state of IT security compliance.


Job Requirements
Qualifications/Training:
•   Minimum of five years of healthcare auditing experience preferred.
•   Be able to demonstrate competence in performing audits, producing reports, formulating remediation or mitigation plans, and conducting follow-up audits.
•   Must have project management experience.
•   Must have proficiency in MS Office applications.

Licenses/Certifications/Registrations/Education:
•   Bachelor's degree in a business-related discipline required.
•   Certification in an industry-related discipline preferred.

Physical Requirements: Refer to Occupational Risk Assessment
