The Security and Privacy Manager is responsible for the selection, implementation, and enforcement of security and privacy controls necessary to ensure adequate protection of information assets used in support of the project, and to ensure that the project complies with all applicable federal and state privacy laws and regulations and conforms to industry best practices for health care security and privacy. Applicable requirements include but are not limited to HIPAA Privacy and Security Rules, relevant provisions in the HITECH Act, the Privacy Act, and relevant state laws, policies, and regulations. The Security and Privacy Manager will be the designated point of contact who receives privacy and security-related complaints, if any, associated with project activities and who is able to provide further information about security and privacy-related matters. Key aspects of the job will include specifying and documenting privacy and security regulations and associated compliance requirements, performing privacy impact assessments, documenting administrative, physical, and technical security requirements and working with project management and operational team members to ensure that all privacy and security requirements are adequately addressed. The incumbent will also work in collaboration with IT operations and systems administration personnel to select, implement, and respond to security monitoring tools for solutions deployed in support of the project. The Security and Privacy Manager also serves as the primary project liaison to the State privacy officer (or equivalent) and State Chief Information Security Officer (or equivalent) in all privacy- or security-related matters, most importantly including notification and resolution of any incidents that may occur. 
Key responsibilities include:
- Analyze project operations, systems, data, and operating environments to determine appropriate security and privacy practices and corresponding controls
- Translate statutory and policy obligations into implementable privacy and security requirements
- Produce privacy and compliance documentation, including Privacy Impact Assessments, risk analyses, incident reports, and related artifacts
- Produce security documentation, including a security management plan, contingency plan, and incident response plan
- Work closely with project team members to make sure that applicable privacy and security requirements are incorporated in standard operating procedures and other controls implemented for the project
- Participate in business, technical, and security reviews of the operational environment and technical solution to explain privacy controls
- Serve as a subject-matter expert to project management regarding privacy and security requirements

Minimum Qualifications:
- Minimum 5-7 years relevant experience
- At least 3 years of experience specifically managing health privacy and security
- Bachelor’s Degree or equivalent experience
- Strong knowledge of HIPAA and other privacy and security laws, regulations, and corresponding practices
- Experience establishing and maintaining privacy and security compliance in a health-related setting
- Familiarity with government standards and practices relating to the proper handling of personally identifiable information (PII) and protected health information (PHI)
- Knowledge of and experience working in cloud computing environments such as Microsoft Azure or Amazon Web Services

Additional Qualifications:
- Relevant security certifications CISSP, HCISPP, CISA, or CHPS
- Experience with State health agency operations and information exchange processes
- Prior experience performing in the role of a security or privacy manager/officer in a health industry or government setting
- Familiarity with cloud computing environments and solution architectures
- Experience working in environments that process personally identifiable information (PII) or protected health information (PHI)
- Excellent organizational, interpersonal, verbal, and written communication skills
- Ability to work effectively as part of an integrated project team, while also taking ownership of assigned tasks to successfully achieve explicit delivery dates and milestones
- Ability to perform comfortably in a fast-paced, deadline-oriented work environment
- Ability to successfully execute many complex tasks simultaneously