Inova Information Security is looking for a dedicated Information Assurance Lead to join the team. This role will be full-time hybrid day-shift from Monday – Friday position. 

Inova is consistently ranked a national healthcare leader in safety, quality and patient experience. We are also proud to be consistently recognized as a top employer in both the D.C. metro area and the nation.

Featured Benefits:

Committed to Team Member Health: offering medical, dental and vision coverage, and a robust team member wellness program. Retirement: Inova matches the first 5% of eligible contributions – starting on your first day. Tuition and Student Loan Assistance: offering up to $5,250 per year in education assistance and up to $10,000 for student loans. Mental Health Support: offering all Inova team members, their spouses/partners, and their children 25 mental health coaching or therapy sessions, per person, per year, at no cost. Work/Life Balance: offering paid time off, paid parental leave, flexible work schedules, and remote and hybrid career opportunities.

Information Assurance Lead Job Responsibilities:

Maintains contact with outside organizations that participate in reciprocal agreements. Develops corporate emergency response procedures. Manages Business Continuity Planning (BCP) efforts, provides documentation and training to all employees having a need to understand the BCP process. Develops and implement an Information Assurance program aligned with business objectives. Creates security policies, standards and procedures; implement and manage a continuous monitoring program for security controls Establishes security metrics and key performance indicators (KPIs). Develops and maintains a risk register, prioritizing and addressing identified risks. Oversees the vulnerability management process ensuring timely remediation. Works with management to ensure that new applications, equipment, facilities, services, and systems include disaster recovery strategies and are assessed for adequate protective and audit controls. Develops and maintains security documentation for compliance purposes. Assess and manage security risks associated with third-party vendors. Develops and implements a security awareness program and conduct security training for team members at all levels. Creates and distributes security communications material.  Partners with vendors of disaster recovery services for use during a disaster situation. Facilitates timely identification, escalation, resolution, and follow-up for all outstanding issues.

Additional Requirements:

Work Schedule: Monday - Friday day-shift, hybrid Education: Bachelor's degree or HS Diploma/GED and 4 additional years of experience or Associate's degree and 2 additional years of experience. Experience: 7 years in Information Assurance or similar field or 9 years in system or network administration involving controls selection and gap analyses. Certification: One of the following active certifications CISSP, CISA, HCISSP, CISM or other relevant certification in information security or privacy required upon hire. Experience: Three years of management experience and five years of work experience in Disaster Recovery/Business Continuity planning and testing. Prior experience in healthcare, financial, or a related field. Experience with administrative system level settings is required. Five years of experience in HIPAA, Joint Commission, and Federal/State regulatory rules.