Job Description

The IT Director / Security Officer is responsible for overseeing all information technology operations while serving as the organization's designated HIPAA Security Officer. This position ensures the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI) across all systems and processes. The role involves developing and maintaining comprehensive security policies, conducting risk assessments, managing IT infrastructure, and fostering a culture of security awareness throughout the organization.

Essential Job Functions

• Serves as designated HIPAA Security Officer responsible for security policy implementation.
• Develops, implements, and maintains comprehensive HIPAA security policies and procedures.
• Conducts annual risk assessments and coordinates remediation efforts.
• Oversees IT infrastructure design and operations with security-first approach.
• Implements and manages role-based access controls, authentication, and authorization systems.
• Configures and maintains encryption, endpoint security, network protection, and monitoring systems.
• Manages security incident response, breach notification, and recovery procedures.
• Ensures workforce security training, compliance monitoring, and documentation.
• Creates and maintains centralized security documentation with version control.
• Evaluates vendor security practices and monitors third-party compliance.
• Develops disaster recovery plans, identifies critical systems, and assesses contingency procedures.
• Conducts vulnerability assessments, log reviews, and security audits.
• Coordinates with compliance officers on regulatory requirements and audit preparation.
• Other duties as assigned.

Duties and Responsibilities

• Supports the day-to-day operations of IT infrastructure and security protocols.
• Participates in the development and execution of security audits that correlate with HIPAA Security Rule requirements.
• Periodically reviews and recommends updates to security policies, procedures, and protocols to ensure relevance in providing guidance to management and employees.
• Responds to security incidents via multiple channels, ensuring documentation, investigation initiation or closure. Ensures remediation activity aligns with policies and training of affected personnel.
• Assists and provides coordination with internal and external security reviews. Provides oversight of security incidents and investigations with leadership and, if indicated, outside counsel.
• Reviews incoming technology vendor contracts for security requirements, ensuring proper documentation and supporting materials.
• Serves as the primary contact for IT security inquiries.
• Tracks security compliance metrics and maintains documentation of security controls.
• Maintains security templates and standard protocols.
• Notifies stakeholders of pending security issues, ensuring to escalate matters to appropriate authorities.
• Provides assistance or independently creates Corrective Action Plans, remediation efforts, and testing of security systems.
• Provides reports as directed and / or requested to leadership on security issues and concerns.
• Assists in the annual development of security awareness training activities and promotion.
• Other projects as assigned.

Requirements :

• Bachelor's degree in IT, Computer Science, Cybersecurity, or related field required; Masters preferred.
• Required certifications : CISSP, CISA, CISM, or equivalent security certification. Healthcare-specific certifications (CHPS, HCISPP) preferred. The candidate will obtain the required security certification within 12 months of hire if not already certified.
• 5+ years IT management experience in healthcare organizations with 3+ years information security experience with HIPAA compliance.
• Knowledge of the various regulations including but not limited to : o HIPAA Security Rule o HITECH Act o State data protection laws o Security frameworks (NIST, ISO 27001)
• Review and interpret healthcare IT security regulations including HIPAA Security Rule, encryption requirements, access controls, and security incident response.
• Ability to identify, analyze and investigate potential security incidents involving ePHI.
• Ability to work with and maintain confidentiality of physician, patient, patient account, and personnel data.
• Ability to work effectively within a team environment.
• Clear, concise, and persuasive writing and presentation skills.
• Decisive and capable of exercising good judgment under pressure.
• Ability to be flexible, manage a diverse and demanding workload with minimal supervision.
• Competencies related to MS Office Suite including Word, Excel, and PowerPoint.
• Outstanding organizational skills with demonstration of exceptional planning and coordination.
• Demonstrated ability to solve problems and manage unforeseen changes to plans.
• Excellent multitasking ability.
• Strong attention to detail.
• Experience and skill with providing excellent customer service and maintaining cooperative working relationships in and outside the department.
• On-call availability for security incidents, occasional after-hours work, potential travel between sites.
• Preferred : Data analysis, evaluation and reporting skills, especially utilizing security tools and analytics platforms. Qualifications : To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and / or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Language Skills Ability to read and interpret documents such as security regulations, operating and maintenance instructions, and procedure manuals. Ability to author routine reports and correspondence. Ability to speak effectively before groups of customers or employees of organization.

Mathematical Skills Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts of basic algebra and geometry. Reasoning Ability Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. The ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.

Physical Demands The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Physical and Mental requirements Constantly operates a computer and other office equipment to coordinate work.

• Usually remains stationary for the majority of the day.
• Frequently communicates with clients and coworkers and must be able to share information effectively.
• The employee must occasionally lift and / or move up to twenty-five pounds.
• Uses close visual acuity and operates computer equipment to prepare and analyze and transmit data.

Job Tags

Similar Jobs