Full-Time Privacy & Data Security Manager
Privia Health is hiring a remote Full-Time Privacy & Data Security Manager. The career level for this opening is Manager, and the role accepts USA-based applicants working remotely. Read the complete job description before applying.
Privia Health
Job Details
Privacy & Data Security Manager
Assists with maintaining an effective privacy and data security program. Provides consultative services on privacy and patient confidentiality issues.
Develops and reviews policies and procedures, and oversees the privacy and data security program.
Primary Job Duties:
- Initiates, facilitates, and promotes activities to foster a culture of privacy and data security compliance.
- Provides guidance and direction on HIPAA Privacy and Security rules and other applicable federal and state health care privacy laws.
- Assists in the development, implementation, and maintenance of administrative, physical, and technical safeguards for personally identifiable data, including managing user access, enforcing least-privilege principles, and maintaining system audit logs.
- Periodically reviews and proposes revisions to Privia’s Privacy and Security Policies and Procedures and guidance materials to facilitate compliance with new privacy or cybersecurity-related laws/regulations or changes to existing federal, state, and local privacy or cybersecurity rules and regulations.
- Collaborates with the CPO and CISO on the development of privacy and security training modules.
- Assists with ongoing privacy and security compliance monitoring and auditing activities, including staff awareness programs on phishing, ransomware, and insider threats.
- Supports investigations of privacy and security incidents, breach risk assessments, and reporting to affected individuals and, when needed, HHS-OCR or other applicable agencies.
- Maintains rapport with all business units to facilitate collaboration.
- Collaborates with Information Security, including conducting and reviewing security risk assessments, to facilitate the implementation of effective mitigation of identified risks.
- Assists with the implementation and management of PCI-DSS standards and SOX controls.
- Other duties as assigned.
Required Knowledge:
- HIPAA Privacy, HIPAA Security
- Applicable state Privacy statutes and regulations
- NIST Cybersecurity Framework
- 405(d) Health Industry Cybersecurity Practices
- PCI
- SOX
Experience:
- Minimum five years of general healthcare privacy and security compliance experience with knowledge of medical group operations and physician services.
- Minimum five years’ experience in regulatory research and knowledge of federal and state healthcare privacy and security requirements.
Preferred Experience:
- HIPAA Privacy Officer or Security Officer experience
- Certified in Healthcare Privacy Compliance (CHPC) or other relevant certifications
Technical Requirements (Remote Only):
- 5 MBPS Download Speed
- 3 MBPS Upload Speed
Salary Range: $100,000 - $120,000 (base).
Benefits: Medical, dental, vision, life, and pet insurance; 401K, paid time off, and other wellness programs. Eligible for annual bonus (15%) and restricted stock units.