Security Compliance Advisor
Fortified Health Security
Job Overview
This role involves providing security and compliance assessment and consulting services to healthcare clients, focusing on information security frameworks, standards, laws, regulations, and protocols related to patient health information protection. Responsibilities include project management, security assessments, and client consulting to ensure regulatory compliance.
Responsibilities
- Manage assigned client projects, ensuring clear communication, managed expectations, and timely deliverables.
- Conduct on-site Information Security and Compliance assessments using specialized tools and methodology.
- Develop or provide guidance on Information Security and Compliance policies and processes.
- Maintain working knowledge of healthcare security/compliance laws, regulations, and standards including HIPAA, HITECH, and HITRUST.
- Ensure adherence to cybersecurity standards and practices, particularly the HIPAA Security Rule and NIST Cybersecurity Framework.
- Deliver high-quality client support via conference calls, on-site meetings, and electronic communications.
- Manage client expectations and facilitate engagement throughout the assessment process.
- Contribute to enhancing current services or developing new client offerings.
- Develop Corrective Action Plans following Security Risk Assessments and client-requested documentation such as policies and procedures.
- Identify opportunities to reduce cybersecurity risks and communicate them internally.
- Present to technical and administrative audiences.
- Understand outputs from systems like endpoint protection, encryption, vulnerability scans, and IT operations dashboards.
- Write and deliver reports based on security assessment results.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Systems, or equivalent experience preferred.
- Minimum of 5 years of experience in information security consulting, assessment, governance, risk, and compliance required.
- Prior cybersecurity experience within the healthcare industry preferred.
- Knowledge of company-wide information security strategy and strategic planning.
- Experience with cybersecurity remediation and Corrective Action Plan development and implementation.
- Familiarity with disaster and business continuity planning.
- Understanding of training and awareness program strategies.
- Knowledge of risk tolerance, exposure, and program management.
- Awareness of potential and emerging threats, vulnerabilities, and control techniques.
- Experience with incident response and breach investigation planning.
- Knowledge of security standards, architectures, frameworks, and best practices such as ISO27001/27002, NIST Cybersecurity, COBIT, and PCI DSS.
- Understanding of international, federal, and state regulatory requirements such as HIPAA, SOX, and GDPR.
- Strong written and verbal communication skills required.