Abacus
NCDIT - Security Specialist- Mid Level
Abacus, Raleigh, North Carolina, United States, 27601
Engagement Type:Contract
Short Description:The Compliance Officer will be familiar with risk management, comfortable leading internal risk assessments, and possess knowledge of HIP nd NIST privacy and security requirements for health information networks.
Complete Description:The candidate will be allowed to work remotely but will need to be onsite at short notice. There is a mandatory three week training onsite at the beginning of the engagement. Once all staff return to site the candidate will need to work onsite full time.
The NC HIEA Compliance Officer will ensure that operations follow all relevant state and federal requirements for securely transacting health information via the HIE Network, NC HealthConnex. The Compliance Officer will be familiar with risk management, comfortable leading internal risk assessments, and possess knowledge of HIP nd NIST privacy and security requirements for health information networks. This position will work closely with the NC HIEA leadership team, DIT legal counsel, and DIT Privacy Team, and DIT Security and Risk Management Team to ensure continual improvement of the NC HIEA's security and risk profile.
Responsibilities
ssist with the development and implementation of a compliance program for the NC HIEA that includes preparation for HITRUST certificationCreate sound internal controls and monitor adherence to themDraft and revise policiesProactively audit processes, practices and documents to identify weaknessesEvaluate activities to assess compliance riskCollaborate with external auditors and DIT Security Team when neededSet plans to manage a crisis or compliance violationEducate and train employees on regulations and industry practicesddress employee concerns or questions on complianceKeep abreast of industry standards and business goals
Requirements•Proven experience as a Compliance Officer•Experience in risk management•Knowledge of HIP nd NIST requirements•Familiarity with industry practices and professional standards•Excellent communication skills•Integrity And professional ethics•Attention To detail
Required / Desired SkillsSkill Required / Desired mount of Experience Knowledge of privacy laws (state and federal such as HIPAA (preferred), PCI, CJIS); proven risk management experience. Required 3 Years Experience in creation of risk management strategies and policy development to handle data breaches and other incidents. Required 3 Years Knowledge of NIST controls and experience with completing/conducting assessments; written and verbal communication. Required 3 Years Strong conflict management skills in order to work with senior management to ensure security and data protection rules and regulations are in place. Required 3 Years Knowledge of cybersecurity and privacy principles Required 3 Years bility to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action. Required 3 Years bility to work across departments and business units to implement organization's privacy principles and programs. Required 3 Years bility to develop, update, and/or maintain standard operating procedures (SOPs). Required 3 Years bility to develop clear directions and instructional materials. Required 3 Years
Short Description:The Compliance Officer will be familiar with risk management, comfortable leading internal risk assessments, and possess knowledge of HIP nd NIST privacy and security requirements for health information networks.
Complete Description:The candidate will be allowed to work remotely but will need to be onsite at short notice. There is a mandatory three week training onsite at the beginning of the engagement. Once all staff return to site the candidate will need to work onsite full time.
The NC HIEA Compliance Officer will ensure that operations follow all relevant state and federal requirements for securely transacting health information via the HIE Network, NC HealthConnex. The Compliance Officer will be familiar with risk management, comfortable leading internal risk assessments, and possess knowledge of HIP nd NIST privacy and security requirements for health information networks. This position will work closely with the NC HIEA leadership team, DIT legal counsel, and DIT Privacy Team, and DIT Security and Risk Management Team to ensure continual improvement of the NC HIEA's security and risk profile.
Responsibilities
ssist with the development and implementation of a compliance program for the NC HIEA that includes preparation for HITRUST certificationCreate sound internal controls and monitor adherence to themDraft and revise policiesProactively audit processes, practices and documents to identify weaknessesEvaluate activities to assess compliance riskCollaborate with external auditors and DIT Security Team when neededSet plans to manage a crisis or compliance violationEducate and train employees on regulations and industry practicesddress employee concerns or questions on complianceKeep abreast of industry standards and business goals
Requirements•Proven experience as a Compliance Officer•Experience in risk management•Knowledge of HIP nd NIST requirements•Familiarity with industry practices and professional standards•Excellent communication skills•Integrity And professional ethics•Attention To detail
Required / Desired SkillsSkill Required / Desired mount of Experience Knowledge of privacy laws (state and federal such as HIPAA (preferred), PCI, CJIS); proven risk management experience. Required 3 Years Experience in creation of risk management strategies and policy development to handle data breaches and other incidents. Required 3 Years Knowledge of NIST controls and experience with completing/conducting assessments; written and verbal communication. Required 3 Years Strong conflict management skills in order to work with senior management to ensure security and data protection rules and regulations are in place. Required 3 Years Knowledge of cybersecurity and privacy principles Required 3 Years bility to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action. Required 3 Years bility to work across departments and business units to implement organization's privacy principles and programs. Required 3 Years bility to develop, update, and/or maintain standard operating procedures (SOPs). Required 3 Years bility to develop clear directions and instructional materials. Required 3 Years