IT Director/Security Officer at Precision Healthcare Specialists

Precision Healthcare Specialists · Tampa, United States Of America · Onsite

Job Type
Full-time
Description

The IT Director/Security Officer is responsible for overseeing all information technology operations while serving as the organization's designated HIPAA Security Officer. This position ensures the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI) across all systems and processes. The role involves developing and maintaining comprehensive security policies, conducting risk assessments, managing IT infrastructure, and fostering a culture of security awareness throughout the organization.

Essential Job Functions  

• Serves as designated HIPAA Security Officer responsible for security policy  implementation. 

• Develops, implements, and maintains comprehensive HIPAA security policies  and procedures. 

• Conducts annual risk assessments and coordinates remediation efforts.  

• Oversees IT infrastructure design and operations with security-first approach.  

• Implements and manages role-based access controls, authentication, and  authorization systems. 

• Configures and maintains encryption, endpoint security, network protection, and  monitoring systems.  

• Manages security incident response, breach notification, and recovery  procedures.  

• Ensures workforce security training, compliance monitoring, and documentation.  

• Creates and maintains centralized security documentation with version control.  

• Evaluates vendor security practices and monitors third-party compliance.  

• Develops disaster recovery plans, identifies critical systems, and assesses  contingency procedures.  

• Conducts vulnerability assessments, log reviews, and security audits.  

• Coordinates with compliance officers on regulatory requirements and audit  preparation.  

• Other duties as assigned.  

Duties and Responsibilities  

• Supports the day-to-day operations of IT infrastructure and security protocols.  

• Participates in the development and execution of security audits that correlate  with HIPAA Security Rule requirements.  

• Periodically reviews and recommends updates to security policies, procedures,  and protocols to ensure relevance in providing guidance to management and  employees.  

• Responds to security incidents via multiple channels, ensuring documentation,  investigation initiation or closure. Ensures remediation activity aligns with policies  and training of affected personnel.  

• Assists and provides coordination with internal and external security reviews.  Provides oversight of security incidents and investigations with leadership and, if  indicated, outside counsel.  

• Reviews incoming technology vendor contracts for security requirements,  ensuring proper documentation and supporting materials.  

• Serves as the primary contact for IT security inquiries.  

• Tracks security compliance metrics and maintains documentation of security  controls.  

• Maintains security templates and standard protocols.  

• Notifies stakeholders of pending security issues and escalates matters to appropriate authorities.

• Provides assistance or independently creates Corrective Action Plans,  remediation efforts, and testing of security systems.  

• Provides reports as directed and/or requested to leadership on security issues  and concerns. 

• Assists in the annual development of security awareness training activities and  promotion.  

• Other projects as assigned.  

Requirements

• Bachelor's degree in IT, Computer Science, Cybersecurity, or related field required; Master's preferred.

• Required certifications: CISSP, CISA, CISM, or equivalent security certification.  Healthcare-specific certifications (CHPS, HCISPP) preferred. The candidate will  obtain the required security certification within 12 months of hire if not already  certified.  

• 5+ years IT management experience in healthcare organizations with 3+ years  information security experience with HIPAA compliance.  

• Knowledge of the various regulations including but not limited to:

  o HIPAA Security Rule

  o HITECH Act

  o State data protection laws

  o Security frameworks (NIST, ISO 27001)

• Review and interpret healthcare IT security regulations including HIPAA Security  Rule, encryption requirements, access controls, and security incident response.  

• Ability to identify, analyze and investigate potential security incidents involving  ePHI.  

• Ability to work with and maintain confidentiality of physician, patient, patient  account, and personnel data.  

• Ability to work effectively within a team environment.  

• Clear, concise, and persuasive writing and presentation skills.  

• Decisive and capable of exercising good judgment under pressure.  

• Ability to be flexible, manage a diverse and demanding workload with minimal  supervision.  

• Competencies related to MS Office Suite including Word, Excel, and PowerPoint.  

• Outstanding organizational skills with demonstration of exceptional planning and  coordination.  

• Demonstrated ability to solve problems and manage unforeseen changes to  plans.  

• Excellent multitasking ability.  

• Outstanding communication skills.  

• Strong attention to detail.  

• Experience and skill with providing excellent customer service and maintaining  cooperative working relationships in and outside the department.  

• On-call availability for security incidents, occasional after-hours work, potential  travel between sites.  

• Preferred: Data analysis, evaluation and reporting skills, especially utilizing security tools and analytics platforms.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Language Skills

Ability to read and interpret documents such as security regulations, operating and maintenance instructions, and procedure manuals. Ability to author routine reports and correspondence. Ability to speak effectively before groups of customers or employees of organization.

Mathematical Skills

Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts of basic algebra and geometry.

Reasoning Ability

Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. The ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Physical and Mental Requirements

• Constantly operates a computer and other office equipment to coordinate work.

• Usually remains stationary for the majority of the day.

• Frequently communicates with clients and coworkers and must be able to share information effectively.

• The employee must occasionally lift and/or move up to twenty-five pounds.

• Uses close visual acuity and operates computer equipment to prepare, analyze, and transmit data.