This role requires expertise in information security, compliance with data privacy regulations, risk assessment, and a deep understanding of healthcare data handling practices. The Information Security Specialist ensures that the project maintains the highest level of data security throughout all phases.
Responsibilities:
Data Security Policies: Develop, implement, and enforce data security policies, procedures, and best practices that align with data privacy regulations, industry standards, and the organization's security framework.
Risk Assessment: Conduct comprehensive risk assessments to identify potential security threats, vulnerabilities, and data protection risks. Assess the impact of these risks on the project's objectives and develop mitigation strategies.
Compliance: Ensure that the project adheres to relevant data privacy regulations, such as HIPAA, and any other applicable data protection laws. Monitor changes in regulations and update security measures accordingly.
Data Handling: Collaborate with the data team to establish secure data handling practices. Implement encryption, access controls, and data classification to protect healthcare data at all stages, from acquisition to analysis and reporting.
Incident Response: Develop and maintain an incident response plan to address potential security incidents or breaches. Establish procedures for reporting, investigating, and resolving security incidents in a timely and effective manner.
Security Audits: Conduct regular security audits to assess the effectiveness of security measures, identify areas for improvement, and ensure compliance with security policies and standards.
Security Awareness: Provide security training and awareness programs to project team members to ensure they understand security risks, data handling requirements, and best practices.
Vendor Management: Evaluate and manage the security posture of subcontractors, vendors, and third-party service providers who handle healthcare data. Ensure that they adhere to data security standards.
Continuous Monitoring: Implement continuous security monitoring processes to detect and respond to potential security threats in real-time. Utilize security tools and technologies to enhance monitoring capabilities.
Security Documentation: Maintain comprehensive security documentation, including security policies, procedures, incident response plans, and security assessments. Keep records of security activities, compliance measures, and corrective actions.
Qualifications:
Bachelor's degree in Information Security, Cybersecurity, or a related field. Relevant certifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are highly desirable.
Proven experience (typically 5+ years) in information security roles, preferably in healthcare or a highly regulated industry.
In-depth knowledge of data privacy regulations, especially HIPAA, and demonstrated experience ensuring compliance.
Strong understanding of security best practices, risk assessment, vulnerability management, and security controls.
Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).
Experience in conducting security audits, risk assessments, and incident response management.
Knowledge of encryption, access control, authentication, and other security technologies.
Excellent communication skills, capable of articulating complex security concepts to non-technical stakeholders.
Ability to collaborate with cross-functional teams, including technical and non-technical members, to implement security measures.
Analytical mindset with the ability to identify and address security risks effectively.
Ethical and trustworthy, with a commitment to maintaining the highest level of integrity and professionalism in managing sensitive healthcare data.
Infiuss Health
