Share this Job

Current Employee? Click here to apply.

Information Security Manager

Date Posted:  Jul 19, 2022
Requisition ID:  347581

Indianapolis, IN, US, 46204

Work for Indiana

Grow your career with the State of Indiana! With more than 50 executive branch agencies, the State of Indiana is a diverse workforce offering employees stimulating and challenging projects across a broad scope of career opportunities. As a State of Indiana employee, you impact the well-being of Indiana’s communities every day.


At the State of Indiana, we don’t just talk about diversity and inclusion – Our goal is to create a welcoming, accessible, and equitable workplace, with a workforce that is representative of the State of Indiana population. As a proud equal opportunity employer, reasonable accommodations may be available to enable individuals with disabilities to interview and perform the essential functions of a role.


Next-level benefits at the State of Indiana are here! Be sure to review our expanded benefit package offerings below.


About the Indiana State Department of Health (IDOH):

The Indiana State Department of Health’s mission is to promote and provide essential public health services for a healthier and safer state.


Salary Information:
This position traditionally starts at an annual salary of $70,148.  The salary for this position may be commensurate with education and job experience.

About the Job:

The IDOH Security Officer is responsible for developing, maintaining, publishing and implementing the IOT and HIPAA information security standards, procedures, and guidelines to ensure the confidentiality, integrity and availability of the information systems. This includes designing and implementing programs for user awareness and security compliance that ensures appropriate security controls are in existence and enforced throughout the agency, and development of an overall information security strategy and roadmap.  Proactively protect the integrity, confidentiality and availability of information in the custody of or processed by the IDOH or its Business Associates.


The Information Security Officer would be responsible for ensuring appropriate organizational policies, procedures, and technical systems are in place to maintain confidentiality and compliance with all relevant laws, guidelines, and regulatory mandates to protect Protected Health Information (PHI).  Under the direction of the Chief Information Officer, the Information Security Officer would ensure that electronic systems architecture and functionality safeguards all confidential proprietary privileged and protected information assets.   This individual would be responsible for assisting with the Disaster Recovery plan and creating an information security risk mitigation plan based on sound risk analysis. He/She would oversee the selection, development, deployment, monitoring, maintenance, and enhancements to the organization’s security technology.  They would administer security programs and procedures.


The employee works in the agency’s Office of Technology and Compliance (OTC) and reports to the Chief Information Officer.

A Day in the Life:

The essential functions of this role are as follows:

  • Directs the efforts of information security standards through the development stage for all information systems 
  • Works with senior management to determine acceptable levels of security risk.
  • Conduct investigations and coordinate remediation of suspected information security incidents.
  • Provides direction for the physical protection of information systems assets and responds in a timely manner.
  • Develop, review, and approve security polices; maintain all information security standards, procedures, and guidelines, including compliance monitoring, procedures, and documentation. 
  • Communicate unresolved security exposures, misuse, and noncompliance situations to CIO and ISDH Privacy Officer
  • Directs the development, testing and implementation of information security software or devices; evaluate vendor services and products; manage information security relationships with IOT.
  • Conduct technical risk assessments, application security reviews, and coordinate with the IOT on network penetration testing activities.
  • Manages the development of procedures for detecting, reporting and investigation breaches in security, and along with law enforcement directs the investigation of security breaches
  • Interface with project management teams to assess project risk exposures and communicate feedback to project teams and CIO regarding risk minimization solutions.
  • Provide yearly and on demand trainings to workforce members to ensure understanding of security requirements.
  • Analyze application security needs based on the sensitivity or confidential nature of the data and implement security structure to support security needs of systems being developed or enhanced.
  • Manages the development, implementation and testing of appropriate security plans and control techniques necessary to protect against error and omissions, natural disaster that address in the agency's disaster recovery and business plans for information systems.
  • Monitors internal control systems to ensure that information access levels and security clearances are maintained.
  • Monitors changes in legislation and accreditation standards that affect information security.
  • Observe and monitor the security of websites, applications, computers, and databases.
  • Develop emergency procedures for handling security breaches, manage internal communication regarding security and provide estimates of budgetary requirements for security related items and upgrades.
  • Responsible for ensuring appropriate organizational policies procedures technical systems and workforce training to maintain confidentiality integrity and compliance with all relevant laws and guidelines.
  • Ensure the ongoing integration of information security with business strategies and privacy requirements. 
  • Lead the security incident response team in prevention investigation mitigation and reporting activities.
  • Works with Human Resources/Legal/IDOH Privacy Officer to ensure appropriate enforcement sanctions for security breaches. 
  • Perform and manage the security audit program to assess effectiveness of policies and procedures and systems security safeguards.
  • Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches. 
  • Oversees the selection, development, deployment, maintenance, and enhancement of the organization’s security technology.  

What You'll Need for Success:

  • Bachelor's degree in Computer Science or related discipline,
  • Security certification such as Certified Information System Security Professional (CISSP) Certified Information Systems Manager (CISM) or Certified in Healthcare Privacy and Security (CHPS) strongly preferred.
  • Eight to ten years of progressive experience in computing and security, including experience with Internet and cloud technology and related security issues 
  • Thorough knowledge of current Federal and State information security laws and regulations as they pertain to safeguarding ePHI. 
  • Experience in project management and change management.
  • Experience with disaster recovery planning, testing, auditing, risk analysis, business resumption planning and contingency planning
  • Extensive knowledge of network infrastructure and of database applications.
  • Ability to present to both large and small groups utilizing advanced oral and written communication skills.
  • Ability to implement processes and methods for auditing and addressing non-compliance to informationsecurity policies and standards.
  • Ability to conduct security investigations and provide data/information or internal investigations from an information systems perspective.
  • Ability to oversee or conduct internal risk and security assessments, as well as enterprise security management tool evaluations. 
  • Ability to provide guidance and direction for HIPAA Security and IT security-related user training and development programs.
  • Ability to work well under difficult and varied conditions and without close supervision
  • Experience with TCP/IP firewalls, VPNs and other security devices
  • High degree of personal integrity and trust.
  • Ability to work with personnel at all organizational levels.  
  • Strong customer service and problem solving skills required. Requires occasional weekend and nighttime work
  • In-depth understanding of the technologies and architectures supporting information security protection.  

Benefits of Employment with the State of Indiana:

The State of Indiana offers a comprehensive benefits package for full-time employees which includes: 

  • Three (3) medical plan options (including RX coverage) as well as vision and dental plans.
  • Wellness program (offers a premium discount for the medical plan and gift cards);
  • Health savings account, which includes bi-weekly state contribution; 
  • Flexible work scheduling options, including the potential for hybrid remote work for employees whose work may be performed outside state facilities;
  • Deferred compensation 457B account (similar to 401k plan) with employer match; 
  • Two (2) fully-funded pension plan options; 
  • A robust, comprehensive program of leave policies covering a variety of employee needs, including but not limited to:
    • 150 hours of paid new parent leave; 
    • Up to 15 hours of paid community service leave;
  • Combined 180 hours of paid vacation, personal, and sick leave time off; 
  • 12 paid holidays, 14 on election years; 
  • Education Reimbursement Program;
  • Group life insurance; 
  • Referral Bonus program;
  • Employee assistance program that allows for covered behavioral health visits; 
  • Qualified employer for the Public Service Loan Forgiveness Program; 
  • Free Parking for most positions;
  • Free LinkedIn Learning access;


Equal Employment Opportunity:

The State of Indiana is an Equal Opportunity Employer.


Current Employee? Click here to apply.

Nearest Major Market: Indianapolis