Changing Technologies, Inc.

IT Security Lead

Changing Technologies, Inc., Raleigh, North Carolina, United States, 27601


Job Title: Epic Electronic Health Record (EHR) IT Security Lead

Client: North Carolina Department of Health and Human Services (DHHS)

Work Address: Remote or Dix Campus, Raleigh, North Carolina

Shift: Day Shift (M-F) Hybrid

Pay Rate: $75/hour on 1099

Job Description:

The North Carolina Department of Health and Human Services (DHHS) is seeking a skilled Epic Electronic Health Record (EHR) IT Security Lead to support the Division of State Operated Healthcare Facilities (DSOHF). The ideal candidate will be responsible for ensuring the security and compliance of the Epic EHR system, including managing access controls, conducting security audits, and collaborating with clinical, IT, and compliance teams to protect patient data and system integrity. This role requires strong knowledge of HIPAA, HITECH, NIST 800-53 Rev 4, and healthcare IT security best practices.

Key Responsibilities:

Security Management & Compliance:

Ensure the Epic EHR system meets all security and compliance requirements, including HIPAA, HITECH, and other applicable regulations. Oversee and enforce Epic EHR system access controls, ensuring proper user access based on their roles. Conduct regular security audits of the Epic system, identify vulnerabilities, and take corrective action. Update privacy and security policies based on gaps found through assessment processes. Coordinate with IT teams to implement and maintain security tools, including firewalls, intrusion detection/prevention systems, and encryption.

Access Controls & User Management:

Manage user provisioning and de-provisioning to ensure proper access to the Epic system. Administer role-based access controls (RBAC), ensuring appropriate access for users based on job responsibilities. Ensure system logs and user access records are maintained for auditing purposes. Work with internal audit teams to ensure compliance with regulatory standards.

Incident Response & Risk Management:

Investigate and respond to security incidents related to the Epic EHR system, ensuring proper reporting and resolution. Perform risk assessments on new modules or integrations within the Epic EHR, and develop mitigation strategies for any identified vulnerabilities. Perform risk assessments based on NIST 800-53 Rev 4, HIPAA, SSA, and IRS Pub 1075. Coordinate breach notification processes in compliance with healthcare regulations, involving clinical, IT, and legal teams.

Collaboration & Coordination:

Work closely with Epic implementation and optimization teams to ensure security measures are integrated into new features, updates, and third-party applications. Align EHR security measures with overall organizational cybersecurity strategies by collaborating with the broader IT security team. Provide insights and reports on EHR security in governance and compliance meetings.

Continuous Improvement:

Stay informed on emerging security threats and best practices relevant to EHR systems. Recommend improvements and optimizations for the Epic EHR security environment based on industry trends.

Qualifications:

Education:

Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field (or equivalent work experience). Epic Certifications (Security Fundamentals, Security Administration, Data Courier) preferred. Security certifications such as CISSP, CISM, HCISPP are highly desirable.

Experience:

5-7 years of experience in IT security, preferably within the healthcare industry. Experience updating privacy and security policies based on gaps found through an assessment process (7+ years). Experience performing risk assessments based on NIST 800-53 Rev 4, HIPAA, SSA, and IRS Pub 1075 (7+ years). Previous experience with Epic EHR systems is preferred. Experience with HIPAA compliance, healthcare IT security audits, and risk management. Familiarity with role-based access control (RBAC), identity management, and data encryption in healthcare settings (7+ years). Strong understanding of EHR systems (Epic or similar systems) (7+ years). Proficient in healthcare regulations and standards, including HIPAA, HITECH, and meaningful use (7+ years). Strong communication skills, capable of working across departments and with clinical teams.

Skills:

Strong understanding of EHR systems, particularly Epic. Proficiency in HIPAA, HITECH, and other relevant healthcare regulations. Excellent problem-solving, analytical, and communication skills. Ability to manage and respond to security incidents effectively. Familiarity with healthcare IT infrastructure, including networking, firewalls, and database security.

Working Conditions:

Occasional travel to healthcare facilities within the organization may be required. On-call availability for security incidents.

Job Type: Full-time, Contract

Pay: $75 per hour on 1099

Expected Hours: 40 hours per week

Schedule: 8 hour shift, Monday to Friday

Experience: IT Security: 7 years (Preferred)

Ability to Commute: Raleigh, NC 27603 (Required)

Ability to Relocate: Raleigh, NC 27603: Relocate before starting work (Required)

Work Location: In person
