Description
About the job
Objective: To take the lead in providing expert advice on, and promoting, information security and data protection; to manage HIPAA and MARS-E compliance; and to apply best practices in setting and maintaining standards and procedures across the organization.
Position Responsibilities:
Create, update, and disseminate HIPAA and MARS-E policies and procedures.
Stay up to date with new HIPAA and MARS-E regulations.
Drive the MARS-E compliance internal audit and the closure of identified gaps, then work with the external 3PAO to get one of our clients MARS-E certified on an annual basis.
Act as the primary security contact for FSL in all third-party security reviews, audits, and assessments.
Continuously manage information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational information systems.
Create, implement, and enforce the organization's security program, covering the administrative, physical, technical, and organizational safeguards required by the HIPAA Security Rule.
Resolve ad hoc queries and issues relating to HIPAA compliance.
Monitor the daily operations of the program, ensure compliance, and investigate any reported breaches.
Review the security schedules of client contracts and ensure compliance with them for all onshore HC clients.
Be a point of contact for all issues regarding the handling of PHI via authorizations, requests, or approval processes.
Document and keep track of employees who violate any policies.
Work with the IRM team to perform the risk assessment (RA) and to plan remediation of the vulnerabilities it documents. Regularly review the risks with service owners and data owners.
Hold a quarterly review with IT to ensure that systems are effectively monitored and access restrictions are enforced, and review the IT inventory.
Manage the information security and MARS-E/HIPAA-mandated training program.
Develop audit standards for personal data handling and information security activity to ensure adherence to internal and external policies.
Maintain and execute the incident response procedure ensuring prompt redress of information security incidents and compliance breaches.
Ensure that quarterly governance reviews are held for HIPAA and MARS-E compliance.
Work with business and support units within the organization to implement the information risk management (IRM) strategies and frameworks set by the organization.
Interface with potential and existing customers as a senior management information security representative, providing assurance and information as required by the business, marketing or other teams.
Any other duties as are within the scope, spirit and purpose of the job, the title of the post and its grading as requested by the line manager or Head of Department/Division.
Serve as an internal information security consultant, advising the organization on current information security technologies and related regulatory issues.
Review all system-related security plans throughout the organization's network, acting as a liaison to Information Systems.
Required Field of Expertise:
MARS-E, HIPAA, HITRUST, CCPA, ISO 27001, PCI DSS, SOC 1/SOC 2
Knowledge & Skills:
3 to 5 years of experience in information risk management, knowledge and experience in handling HIPAA and MARS-E compliance, and relevant security certifications.
A good working knowledge of information security principles and practices, including MARS-E compliance, SOC 1 and SOC 2, ISO 27001, PCI DSS, HITRUST (MyCSF), CCPA, GLBA, and HIPAA.
Broad awareness of hardware/software security products
Knowledge or experience working with cloud technologies and related environments
Significant broad IT experience, at least some of which has been in a security role
Self-motivated team player, able to work effectively with diverse client groups and on own initiative.
Excellent written and verbal communication and presentation skills.
Strong analytical and evaluation ability, and problem-solving skills.
Strong interpersonal skills, able to establish credibility at all levels.
Strong persuasion and influencing skills.
Strong planning and organizational skills.
Flexible and adaptable style.
Prior experience implementing NIST framework controls in an organization.
Good working skills in Excel and PowerPoint presentations.