Data Security Analyst

Manages the overall implementation, tracking, monitoring, auditing and reporting on user system activity, security and usage related to Humboldt Park Health’s computerized systems, including the EMR and attached systems and those systems having Personal Health Information (PHI).  Remains current with evolving regulations (including HIPAA) related to system and data security, in order to assist Humboldt Park Health management in developing, maintaining, recommending, and operationalizing data security policies and procedures related to system security and data confidentiality.  Manages systems, interfaces, and develops reports where needed related to data security and monitoring systems.

Assists Compliance and HIPAA Officers in the creation and implementation of policies and procedures related to record retention, disaster recovery and business continuity.  Audits and approves user system profiles and access rights in conjunction with the Information Technology Services team.  Assists management in the documentation, education and training of staff.   Maintains current knowledge related to local, state, and federal regulatory requirements related to IT data security, financial systems and HIPAA security.   Assists management in the gap analysis and execution of the long term HIPAA security action plans to maintain Meaningful Use, HITECH, DNV, and other compliance agency regulatory requirements.

Essential Duties and Responsibilities:

 Monitors, audits and recommends changes to overall access to controlled areas and information systems that process or handle highly confidential and sensitive data.

1. Assists in the creation, ongoing maintenance and implementation of data security and HIPAA security auditing, monitoring, and reporting policies and procedures, including the establishment of corporate user security access profiles.
2. Assists in the creation and maintenance of disaster recovery and business continuity policies, procedures and action plans.
3. Assists in the overall approval process of system change management implementations to ensure data and confidential security and accesses are maintained to ensure regulatory compliance.
4. Monitors, audit reports, and enacts corrective action on data/system usage, including tables/catalogs/dictionaries, for appropriateness and need basis for fulfilling business needs while ensuring the confidentiality of the data and patient information.
5. Creates and maintains educational materials and performs ongoing education and training related to data compliance and HIPAA security issues for staff and the community.
6. Implements and maintains systems utilized in the auditing, monitoring, and reporting of data and HIPAA security and confidentiality usage and breaches.
7. Uses data encryption, firewalls, and other appropriate security tools and applications to conceal and protect transfers of confidential digital information.
8. Determine frequency to update virus protection systems by monitoring current reports of computer viruses; facilitates or performs needed updates.
9.  Develop a security plan for best standards and practices for the company.
10.  Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack.
11.  Make recommendations on security advancements to best protect the company’s systems.
12.  Conduct or coordinate vulnerability scans, and penetration tests on campus systems, document findings, and recommend risk mitigation strategies.
13. Collaborates with the executive team, leadership and customers to solve problems and improve business operations through process re-engineering, to meet or exceed data security and HIPAA security regulatory requirements.
14. Provides leadership and direction to Humboldt Park Health management and staff, as it relates to data and HIPAA security measures, controls, and corrective action processes to ensure a caring approach with the utmost confidentiality, integrity, and respect.

Requirements:

3 or more years of experience

Associate's degree or equivalent required; Bachelors’ or Post Graduate degree preferred. CISSP or other cyber-security certification preferred

Preferred certifications, licensure or registration:

• CompTia Network
• CompTia Security
• CompTia Cybersecruity Analyst
• Certified Ethical Hacker (CEH)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)  

Effective management and leadership skills.

Effective communication, presentation, and public speaking skills.

Ability to analyze, interpret, and repurpose regulatory text and code into laymen’s terms

Effective liaison between regulatory agencies, business and leadership units and staff

Experienced in policy and procedure development and enforcement.

The hospital prohibits discrimination based on age, race, ethnicity, religion, culture, language, physical or mental disability, socioeconomic status, sex, sexual orientation, and gender identity or expression.