Compliance Officer & Information Security Analyst (County Class: Systems Administrator II/III) en County of San Luis Obispo, CA
County of San Luis Obispo, CA · San Luis Obispo, Estados Unidos De América · Onsite
- Professional
- Oficina en San Luis Obispo
About the Department
The County of San Luis Obispo Health Agency is seeking an experienced and enthusiastic professional to join the organization in the role of Information Security Analyst (County Classification: Systems Administrator II/III). This critical position will be embedded within the Health Agency IT team but will report directly to the Assistant Health Agency Director and will also serve as the Agency’s Compliance, Privacy, and HIPAA Officer.
This role is responsible not only for the technical security of all technology deployed within the Health Agency, but also for ensuring organizational compliance with privacy and regulatory standards, including HIPAA. The ideal candidate will demonstrate a robust understanding of systems security, regulatory policy interpretation, and compliance frameworks, and will act as the primary point of contact for all privacy, security, and compliance-related initiatives across the Health Agency.
Key Responsibilities:
Information Security Oversight:
Continually evaluate and ensure the technical security of systems, infrastructure, and applications deployed at the Health Agency.
Create, update, and enforce technical and administrative security policies and procedures in alignment with industry best practices and regulatory requirements.
Perform technical security reviews of proposed projects and new technology implementations.
Conduct regular audits of systems and processes to ensure compliance with internal and external security controls.
Compliance, Privacy, and HIPAA Leadership:
Serve as the Health Agency’s Compliance, Privacy, and HIPAA Officer, maintaining accountability for compliance with federal and state health information privacy and security regulations.
Interpret and implement changes to regulations and guidance from regulatory bodies and ensure Agency-wide compliance.
Develop, implement, and maintain all required compliance, privacy, and security-related policies and procedures.
Manage, document, and report incidents involving protected health information (PHI), including the investigation and response to potential or confirmed breaches.
Serve as the primary contact and support resource for all Health Agency departments regarding compliance concerns, new contracts, regulatory questions, and operational impacts of new or revised programs.
Training and Education:
Design, implement, and conduct required compliance and regulatory training for all Health Agency employees, including HIPAA, privacy, and cybersecurity awareness.
Maintain thorough documentation training completion and policy acknowledgments for auditing and enforcement purposes.
Policy, Program, and Records Management:
Oversee the lifecycle management of records, including compliance with mandated destruction and retention schedules.
Regularly review and revise compliance-related documentation, policies, and procedures to reflect changes in law, regulation, or best practice.
Support new program or contract development by reviewing requirements for regulatory impact and recommending compliant operational procedures.
This recruitment may be used to fill future permanent, substitute, limited term, and temporary positions, both full-time and part-time throughout the County.
Position Duties
Preferred Qualifications:
- Demonstrated knowledge and application of information security frameworks, including NIST, HIPAA Security Rule, and other relevant standards.
- Strong foundation in regulatory and policy interpretation, particularly within County government.
- Proficiency in conducting internal audits, risk assessments, and breach investigations.
- Ability to communicate effectively with legal, operational, IT, and executive stakeholders.
- Excellent interpersonal, training, and project management skills, with a collaborative and proactive approach to problem-solving.
Completion of the Health Care Compliance Association (HCCA) Certificate in Healthcare Compliance (CHC) and/or Certificate in Healthcare Privacy Compliance (CHPC) required within the first year of hire.
A combination of education, training, and experience resulting in the required knowledge, skills, and abilities. An example of qualifying education and experience includes:
Systems Administrator II: Either A: Graduation from an accredited four-year college or university with a bachelor’s degree in computer science or a related field. OR B: An associates degree or 60 semester units or 90 quarter units from an accredited college or university, or a certificate of completion from a job-related, accredited vocational institution. In addition, two years of experience installing and maintaining hardware and software systems.
Systems Administrator III: Either A: Graduation from an accredited four-year college or university with a bachelor’s degree in computer science or a related field. In addition, two years of experience installing and maintaining hardware and software systems.OR B: An associate’s degree or 60 semester units or 90 quarter units from an accredited college or university, or a certificate of completion from a job-related, accredited vocational institution. In addition, four years of experience installing and maintaining hardware and software systems.
Minimum Qualifications
Applications, including answers to supplemental questions, must be submitted online by the final filing date. Apply for this position at governmentjobs.com/careers/slocountyca. Most County recruitments require you to respond to supplemental questions as part of the application process. We recommend that you review these questions prior to beginning your application.
An initial application review will be conducted. Candidates who meet the minimum qualifications and are best qualified will be invited to participate in selection activities which may include online assessments, performance exams, written exams, and interviews.
Final candidates will be required to have an in-depth background review performed before proceeding in the process. Please note that references will not be contacted until the end of the process.
If you have questions or would like to discuss the opportunity further, please contact Human Resources at [email protected]. Confidential inquiries are welcomed.
