What are the responsibilities and job description for the Specialist, Information Technology Cyber & HIPAA Security position at The Wright Center for Graduate Medical Education?
Description
JOB SUMMARY
The Information Technology Cyber and HIPAA Security Specialist is responsible for ensuring The Wright Center is compliant with Information Technology security standards, including HIPAA security regulations for the protection of electronic Protected Health Information (ePHI). Duties include, but are not limited to, the creation and updating of Information Technology security policies and procedures, auditing the organization's adherence to these policies on a continual basis, and performing mock testing of procedures. The specialist will also assist in the evaluation of security requirements of new applications and services, review application security logs and configurations, and work closely with the Information Technology team to identify and resolve security concerns. Additionally, this role will oversee HIPAA security compliance efforts as they relate to the Information Technology team, ensuring proper access controls, encryption and incident response measures are in place to safeguard sensitive health information.
REPORTING RELATIONSHIPS
This position reports to the Enterprise Vice President, Information Technology and Innovation and Chief Information Officer.
ESSENTIAL JOB FUNCTIONS
- Maintains current and appropriate body of knowledge necessary to perform the information security management function.
- Effectively applies information security management knowledge to enhance the security of the open network and associated systems and services
- Review application and system logs relating to all aspects of information security. Regularly review audit logs and monitoring systems to detect unauthorized access, breaches or other suspicious activities related to ePHI.
- Completing an annual Security Risk Assessment (SRA) and maintaining all changes/remediations to the SRA throughout the calendar year
- Perform regular security risk assessments to identify vulnerabilities, threats and gaps in the protection of ePHI and develop action plans for mitigation.
- Create, review, and update security policies and procedures. When necessary, ensure alignment with HIPAA standards and best practices in the protection of health information.
- Participates in short-term and long-term planning of Information Technology security projects and initiatives
- Provides meaningful input, prepares effective presentations, and communicates information security objectives
- Perform periodic mock testing of incident response procedures, contingency plans and penetration tests while documenting the results
- Provide ongoing training and awareness programs for employees to ensure compliance with cybersecurity and HIPAA security requirements and best practices for handling ePHI.
- Initiates, facilitates, and promotes activities to foster information security awareness within the organization and related entities, including weekly Information Technology tips and podcasts and phishing campaigns.
- Lead investigation and response to any security breaches and/or incidents involving ePHI, ensuring that breaches are reported in accordance with HIPAA breach notification rules.
- Reviews instances of noncompliance and works effectively and tactfully to correct deficiencies
- Collaborates with other team members as needed or directed
- Work closely and effectively with IT, legal and compliance teams to develop and enforce technical safeguards and administrative controls for protecting patient information.
- Ensure compliance with the HIPAA Security Rule, ensuring that all IT systems and processes meet federal regulations for protecting ePHI
- Implement and monitor access controls ensuring that only authorized personnel have access to sensitive data based on roles and responsibilities
- Implement disaster recovery and business continuity plans for handling ePHI
- Monitor third-party vendors and service providers working directly with the IT team to ensure they comply with HIPAA security standards including conducting security assessments and audits of their systems when applicable
- Stay up to date with changes to HIPAA regulations, healthcare security standards and emerging threats to ensure ongoing compliance and protection of ePHI
- Makes recommendations for the improvement of operational and procedural changes
- Special projects as assigned
Requirements
REQUIRED QUALIFICATIONS
- Meet The Wright Center for Community Health and its affiliated entity The Wright Center for Graduate Medical Education EOS© People Analyzer Tool
- Buy-in and experience working in the EOS® model (strongly preferred)
- Mission-oriented; represents the enterprise in a professional manner while demonstrating organizational pride
- Bachelor's Degree in Security and Risk Analysis or technical training equivalent
- Certified Systems Security Professional (CISSP) or Certified Security Manager (CISM)
- Certified HIPAA Privacy Security Expert (CHPSE)
- CompTIA IT Fundamentals+, A+, Network+, Security+ or equivalent certificate a plus
- A high level of understanding and knowledge of integrated information systems, technology products and services to assist end users with timely and accurate problem resolution
- Must have a strong understanding of HIPAA requirements for protecting ePHI
- Security Incident Management experience, including incident detection, response and breach notification per HIPAA requirements
- Must have an analytical nature in approaching problems and a detail-oriented mindset
- Ability to manage day-to-day responsibilities with minimal direct supervision but must also be able to work in a team environment
- Ability to establish and meet expected completion dates for work being performed
- Exceptional planning skills and ability to work within change control parameters
- Demonstrated commitment to providing customer-focused quality service
- Must have excellent communication skills, including the ability to communicate security risks to both technical and non-technical stakeholders
- Self-motivated, creative, logical, and critical thinker.
- Seeks out new ways of improving technical skills