•Gathers information to prepare PIA Triage documents, Privacy Impact Assessment Questionnaires, and PIA Evaluation and Mitigation Plans.
•Prepares Privacy Evaluation and Mitigation Plans.
•Has a thorough understanding of the HIPAA/HITECH Act as well as the global laws, regulations, and data protection requirements associated with the management and control of personal and sensitive data processed by the Business Group.
•Understanding of the HIPAA Privacy Rule and HIPAA Security Rule.
•Leads the development and implementation of information security practices including policies, standards, guidelines and procedures
•Verifies that security requirements defined in the information system security plans (policies and procedures) are followed and protection measures are functioning as intended Conducts information security reviews to determine compliance
•Provides information security risk management and operational security advice as well as advice on strategic direction relating to information security
•Handles security incidents and reviews risk and impact of breaches to protected systems
•Monitor for and evaluate the impact of vulnerabilities and threats to technologies used and co-ordinate remediation efforts
•Participates in architecture and design of services providing information security advice; reviewing proposed services; engineering changes; and feature requests for security implications and needed security controls; lead development of threat models; and oversee security penetration testing.
Bachelors degree with an emphasis in software technology or information systems.