If you have thrive in a Healthcare environment and have HIPAA compliance experience, this is could be a great fit for you! The Virtual Chief Information Security Officer (vCISO) will be responsible for overseeing and ensuring the security of our healthcare practice and customers. This role involves developing and implementing security policies, managing risks, and leading our security initiatives remotely. The vCISO will provide strategic guidance and support to our organization to protect patient information and maintain regulatory compliance.
Key Responsibilities/ Duties:
Leadership and Strategy
· Develop and implement a comprehensive information security strategy aligned with HIPAA requirements and organizational goals.
· Provide expert guidance and leadership on security matters to internal and customer executive teams and other stakeholders.
· Establish security policies, standards, and procedures to ensure compliance with HIPAA and other relevant regulations.
Compliance and Risk Management
· Ensure compliance with HIPAA, HITECH, and other relevant healthcare regulations.
· Conduct regular risk assessments and vulnerability analyses to identify potential threats and weaknesses.
· Develop and implement risk mitigation strategies and action plans.
· Oversee incident response planning, execution, and reporting, including conducting post-incident analysis and improvements.
Security Operations:
· Monitor the security environment to detect and respond to potential security threats and incidents.
· Coordinate with IT and other departments to ensure security measures are integrated into all aspects of the organization’s operations.
· Oversee the implementation and management of security tools, technologies, and practices.
· Conduct regular security training and awareness programs for staff to ensure compliance and foster a culture of security.
Collaboration and Communication:
· Act as a liaison with external stakeholders, including regulatory bodies, auditors, and law enforcement, as necessary.
· Communicate security risks, strategies, and initiatives to the executive team, board of directors, and staff in a clear and concise manner.
· Provide regular updates and reports on the status of the information security program and compliance efforts.
Knowledge, Skills, Abilities, and Behaviors:
· Professional security management certification (e.g., CISSP, CISM, CISA) required.
· Minimum of 10 years of experience in a combination of risk management, information security, and IT roles, with specific experience in healthcare and HIPAA compliance.
· Proven experience in developing and implementing information security policies, procedures, and standards.
· Strong understanding of HIPAA, HITECH, and other relevant healthcare regulations and standards.
· Excellent communication and leadership skills, with the ability to manage remote teams and projects effectively.
· Experience with incident response, risk assessment, and mitigation strategies.
· Ability to work independently and manage multiple tasks and priorities in a remote environment.
Education/ Experience:
· Bachelor's degree from an accredited university/college preferred.
· Proven experience in client relationship management within the IT or cybersecurity services industry.
Certifications:
· Cybersecurity credentials, such as a CISSP, are a plus.
Physical Demands:
Sedentary Work – Exerts up to 10 pounds of force occasionally, a negligible amount of force frequently, and/or constantly having to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time.
Disclaimer:
The above information in this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Meriplex Communications and Meriplex Solutions are Equal Employment Opportunity Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.