Help healthcare organizations under their responsibilities and vulnerabilities in protecting patient data.
The Center for the Advancement of Health IT (AHIT) is seeking a high energy, self-motivated, professional individual with a can-do attitude and the desire to learn.
We offer a competitive salary and a casual-to-business casual environment. Benefits include medical insurance, prescription drug program, life insurance, pre-tax health care/dependent care flexible spending accounts, 401(K), eleven paid holidays and generous vacation/sick time. Our office is located in St. Petersburg.
AHIT is seeking candidates for a Health IT Security/IT Specialist position to lead HIPAA covered entities in conducting security risk assessments, both virtually (Via phone/web) and in the field, providing consultation and education on recommended improvements, conducting external vulnerability scans, building solid client relationships, and serving as a member of the in-house IT support team. The professional will analyze HIPAA requirements, assess described workflows, and identify potential risks to the confidentiality, integrity, and availability of electronic protected information as required by the HIPAA Security Rule. This position will require the ability and willingness to travel occasionally, and may require overnight travel to client locations, mostly within Florida. Reliable transportation is required.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Conduct client-oriented interactive security risk assessments and/or vulnerability scans to identify security risks, and gather findings.
- Using output from risk assessments, vulnerability scans, or penetration tests, recommend controls to manage risks to reasonable and appropriate levels.
- Use professional judgement and knowledge to assess risk levels, as well as provide guidance on remediation planning.
- Produce thorough reports detailing findings, and provide remediation recommendations to help clients meet information security and compliance standards.
- Interpret information security, compliance, and regulatory policies, standards, and other requirements.
- Stay abreast of market shifts, announcements, and best practices.
- Recommend changes to the security risk assessment service offering as necessary to comply with the changes in the law, regulations, professional ethics, and accreditation requirements.
- Understand and communicate engagement objectives internally and to clients. This includes both overall engagement goals and specific consultant objectives.
- Maintain comprehensive documentation on all activities in a manner consistent with procedures and requirements.
- Desktop Administration - This includes computer setup, deployment, re-deployment, troubleshooting, and all associated documentation.
- Monitoring and adherence to IT service management SLAs and standards.
- Technical documentation - This includes the creation of new documentation and the review and updating of existing documentation.
- Provide on-call duties on a rotating basis and project work, including nights and weekends (very limited).
- As part of the IT Team, be available for off hours scheduled maintenance and upgrades, as needed (very limited).
- Participate in other activities necessary to support the security program and IT needs of the organization.
Healthcare IT experience is preferred though not required. AHIT will train the right candidate with the right skill sets, attitude, and communication skills.
- Understanding up HIPAA Security Compliance - Moderate Experience and/or Knowledge Required
- Excellent Written and Verbal Skills
- Ability To Communicate Technical Information to a Non-Technical Audience - Significant Experience Required
- LAN/WAN Networking Skills - Entry Level-to-Moderate Experience Required
- Desktop Administration - Moderate Experience Required
- Planning and Organization - Moderate Experience Required
KNOWLEDGE/SKILLS IN ANY AREAS BELOW ARE OF ADDITIONAL BENEFIT TO CANDIDATE:
- Security +, CISSP, HCISPP, and/or CISA (or must be willing to obtain)
- Experience with a broad array of compliance frameworks including:
- ISO 27002
- Florida privacy/security related laws