
Lead Security and Privacy Compliance Analyst

Arcadia
Published: February 16, 2024
Location: Boston, MA
Work Setting: Remote / Home-based

Description

The role of the Lead Security and Privacy Compliance Analyst is to ensure Arcadia conducts its business in full compliance with all state and federal healthcare laws and regulations, data protection laws, as well as professional standards, accepted business practices, and internal requirements. This role will also work to ensure full compliance with and support the associated audits and reviews for SOC 2, ISO 27001, and HITRUST.
The Lead Security and Privacy Compliance Analyst will work as a member of the Information Security team and report to the Senior Director of Privacy & Security Compliance. This role involves close collaboration with various teams to develop, implement, and maintain robust security and privacy compliance programs. This role is responsible for identifying and assessing potential security and privacy risks, both internal and external, and devising effective strategies to mitigate them.
This role is responsible for all NIST audit-related artifacts, preparation, and audit coordination. This role will also provide security, privacy, and compliance information in response to customer questionnaires, RFPs/RFIs, and other external audits. The role will work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities, and provide a consistent perspective that continually puts the organization in its best light.
Ultimately, the Lead Security and Privacy Compliance Analyst is accountable for safeguarding Arcadia's data, reputation, and operational continuity through diligent risk management and regulatory adherence.
Roles and Responsibilities
    • Support the Information Security team with ongoing compliance efforts related to SOC 2, ISO 27001, and HITRUST certification, along with general state and federal healthcare, privacy, and security requirements.
    • Take point on all NIST-related audits and related artifacts.
    • Develop and implement a comprehensive security risk management framework, ensuring it aligns with industry best practices and regulatory requirements.
    • Ensure the organization complies with relevant industry standards, regulations, and contractual obligations related to security.
    • Ensure the organization complies with federal and state regulations and policies as they relate to healthcare privacy and security.
    • Oversee regular security risk assessments to identify potential vulnerabilities and develop strategies to mitigate risks effectively.
    • Oversee the development, implementation, and maintenance of security and privacy policies, procedures, and protocols.
    • Maintain a matrix of client compliance requirements and perform regular compliance reviews.
    • Stay current with emerging security threats, trends, and technologies to ensure the organization remains proactive in its security posture.
    • Provide guidance and support to business units on security, privacy, and compliance matters, acting as a subject matter expert.
    • Collaborate with internal stakeholders to ensure security and privacy controls are implemented and maintained across the organization.
    • Coordinate audits and assessments to assess the effectiveness of the security risk management program and ensure compliance with applicable regulations.
    • Develop and deliver security awareness training programs to educate employees on security risks, best practices, and compliance requirements.
    • Develop and maintain relationships with external partners, regulatory bodies, and industry organizations to stay informed of regulatory changes and collaborate on security initiatives.
    • Foster a culture of security awareness and accountability throughout the organization by promoting best practices and maintaining an effective risk management program.
    • Provide regular reports and updates to senior management and stakeholders on the state of security risk and compliance.
    • Evaluate and recommend security tools, solutions, and services to enhance the organization's security, privacy, and compliance posture.
    • Supervise and mentor more junior team members.
    • Continuously assess and improve the organization's security, privacy, and compliance programs.
    • Assist in the development and implementation of Business Continuity Planning and testing.
    • Maintain Arcadia's trust portal and manage access for existing and prospective customers.
    • Monitor the implementation of any prescribed corrective actions resulting from client assessments.

Qualification and Experience - Required

    • Good working knowledge of compliance as it relates to healthcare privacy and security, governance, and risk concepts and practices.
    • In-depth understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company in the healthcare industry (e.g., HIPAA, HITECH, SOC 2, ISO 27001/2, ISO 27017, HITRUST).
    • 5+ years' experience in performing information security audits, risk assessments, cyber risk management, or compliance.
    • Experience in vulnerability management, including lifecycle, follow-up, and reporting.
    • Background in healthcare technology, EHR (electronic health record) implementation, and healthcare compliance.
    • Strong understanding of HIPAA, Medicare, and Medicaid requirements.
    • Ability to work independently.
    • Proficient in documenting risk and compliance activities, including how to ensure documentation is actionable rather than for the mere sake of compliance.
    • Experience in performing information security audits or risk assessments and familiarity with conducting security auditing processes professionally.
    • Excellent interpersonal, communication, and presentation skills and a level of professionalism in dealing with third parties.
    • Experience in developing security standards and guidelines based on best practices and industry standards.
    • Advanced computer skills and excellent written and oral communication skills.

Qualification and Experience - Preferred

    • At least 5-10 years of healthcare compliance experience.
    • Knowledge of securing network technologies, client, and server operating systems.
    • Certifications: CISA, ISACA, CIPP, CISSP, CISM.
    • Management of regulatory, internal, or external audits, or experience as an auditor.
    • Experience reviewing and redlining security terms in contracts.