Title: HIPAA Security Analyst
Location: Rockville, MD (ONSITE)
Start date: ASAP
Duration: One contractor for approximately 6-9 months
Locals preferred
100% Remote for right candidate
THE ASSIGNMENT OF WORK IS CONTINGENT UPON:
Selection of an acceptable task order proposal resulting from this task order proposal request.
Selected candidate may be required to complete a successful Background Investigation.
Selected candidate may be requested to provide further documentation of education credentials and/or certifications.
Selected candidate may be required to participate in an in-person or Microsoft Teams video interview.
Job Description:
A HIPAA Security Analyst ensures that an organization complies with the HIPAA Security Rule when handling electronic protected health information (ePHI). The HIPAA Security Analyst is expected to be well organized, detail oriented, understand and demonstrate compliance documentation writing vocabulary, have current and relevant IT technology experience with a strong security focus, work comfortably under pressure, and deliver on tight deadlines. This position is responsible for establishing a structured approach to aligning cyber/information security with business objectives and compliance standards in support of HIPAA assessment needs and organizational information security practices.
- Support Information Security and Risk Management by maintaining and enforcing the Information Security and risk management framework/methodology, including execution of risk analysis and risk mitigation strategies.
- Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.
- Exhibit best-practice risk management skills through effective internal risk controls, risk monitoring, risk assessment, and improvement of risk management processes.
- Document and maintain the enterprise security risk governance methodology and risk management policy, process, and procedure.
- Organize and perform the enterprise security risk assessment and gap analysis for all technologies, products, and functions introduced, including maintaining risk project work plans to measure and manage progress.
- Track and document all internal risk reviews, assessments, risk acceptances, and security exceptions in a GRC tool.
- Work with the Senior Healthcare CISO/OHCIO to ensure a convergence of business, technical, and security requirements; liaise with stakeholders to align the existing technical installed base and skills with future architectural requirements.
- Develop a strong working relationship with the CISO to assess security compliance requirements, the effectiveness of security policies, and legal, regulatory, and audit requirements.
- Serve as the information security liaison and subject matter expert for all relevant EMR and PHI-related security risks.
- Participate in all relevant audits and risk assessment activities (whether operational risk, legal/compliance risk, reputational risk, or information security risk).
- Aid in the planning and execution of risk remediation activities including the identification of practical, cost-effective solutions.
- Facilitate team meetings between stakeholders, project leaders, and the Information Technology teams.
- Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required. This includes coordinating with and supporting the Senior CISO.
- Keep informed on current threats and industry regulations.
Mandatory Qualifications:
- Healthcare industry experience required, with understanding of EMR systems and data privacy issues related to PHI.
- Familiarity with other compliance frameworks such as HIPAA, HITRUST, HITECH, FedRAMP, FISMA, SOC, PCI, ISO, etc. is preferred.
- Experience with reviewing IT solution requirements and security controls implementation
- A strong understanding of the business impact of security tools, technologies, and policies.
- Strong working knowledge of HIPAA, Joint Commission, CMS, and other regulatory legislation pertinent to the healthcare industry
- Knowledge and experience working with a GRC Software tool
- Experience in conducting and responding to information security assessments and audits.
- Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls
- Must possess a high degree of integrity and trust along with the ability to work independently
- Must be able to work independently as well as work as part of a fast-moving team
- Must be able to work at various locations, when necessary, along with working site visits to conduct assessment meetings
Educational Level:
A bachelor's degree in information systems; CISSP, CISA, CRISC, or other relevant security qualification.
Years of Experience: 5+ years’ experience in an information/cyber security, risk, and compliance role to include advising executives, IT management, and other stakeholders on compliant strategies and solutions.
Interviews:
Please note that both remote and in-person interviews may be required for this opportunity.