Security Compliance Specialist

Summary:
Provide operational, administrative and project support for the Information Security department whose purpose is to ensure the safety of Information Systems Assets and to protect systems from intentional or inadvertent access or destruction. This role includes, but is not limited to: Assists with designing, implementing and maintaining a comprehensive and effective privacy & security program for the hospital/health care entities. Provides consultative services on privacy and patient confidentiality issues. Participates in program development and implementation, policy and procedure development, compliance monitoring, developing and updating information security policies, standards and guidelines, and manages investigations. Develops and conducts privacy and security training and education. Responsibilities for this position include managing all Information Services audit requests; organize and fulfill all eDiscovery requests made to the IS department; manage the PCI DDS program for the organization; critical communication pathways across entire hospital/health care entities and University for compliance related topics. Provide administration for support and delivery security policies and systems. Participate in IS audit requests, participate in the development of policies, standards, procedures for the general operation of the InfoSec Team. Lead the PCI program for IS, and develop and manage a user awareness, education and training program focused on security principles. Will work on assigned projects both independently and as part of a team. Provide direction and leadership in the creation, maintenance, and enforcement of IS Policies. Participates in creation of new policies and/or updates to existing policies based on new solutions and/or the ever-changing cybersecurity landscape.

Minimum Education

• Bachelor's degree a related field or the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position.

Minimum Qualifications

• 3 years of experience in Compliance
• PCI and HIPAA experience

• Strong interpersonal skills and ability to deal effectively with diverse personalities and skill sets.
• Ability to effectively interact with internal and external parties in resolving security complaints.
• Excellent oral, written and presentation skills.
• Analyze, asses and evaluate situations, circumstance, data, etc. to create recommendations and report on outcomes
• Conceptualization and design? education, training and awareness programs (including but not limited to newsletters, alerts, online Healthstream training, phishing programs, etc.)
• Interpretation of policies, trends, etc. in the Information Security space
• Problem solving skills and ability to work under pressure
• Knowledge of applicable federal and state laws/regulations/policies/principles/etc.
• Project management principles
• Able to effectively explain information and influence others in straightforward situations
• Able to make appropriate decisions within guidelines and policies
• Able to effectively prioritize own work to meet changing deadlines
• Demonstrated understanding of healthcare operations
• Thorough knowledge of state and federal regulations pertaining to HIPAA compliance program rules
• Thorough knowledge of federal regulations pertaining to PCI compliance program rules

Position Accountabilities

• Provide administration for support and delivery of security policies and systems. Participate in IS audit requests, participate in the development of policies, standards, procedures for the general operation of the InfoSec Team. Lead the PCI program for IS, and develop and manage a user awareness, education and training program focused on security principles. Will work on assigned projects both independently and as part of a team.
• Provides direction and leadership in the creation, maintenance, and enforcement of IS Policies. Participates in creation of new policies and/or updates to existing policies based on new solutions and/or the ever-changing cybersecurity landscape.
• Serve as the liaison and point person for all Information Services audit requests. Maintain necessary records in accordance with laws, regulations, and policies.
• Organize and fulfill all eDiscovery requests made to the IS department.
• Develops and conducts security training, education and awareness to all applicable users.
• Develops and maintains all IS policies.
• Provide consultative services on security, privacy and patient confidentiality issues.
• Assists in investigating, managing, and mitigating security incidents, complaints, or breaches. Ensures all reports required under applicable privacy laws and regulations are completed and submitted in a compliant and timely manner and at the direction of executive leadership and/or counsel.
• Performs other duties as assigned.

Job Type: Full-time

Pay: $100,000.00 - $135,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Paid time off
• Vision insurance

Schedule:

• 8 hour shift
• Day shift
• Monday to Friday

Education:

• Bachelor's (Required)

Experience:

• Security Compliance Specialist: 3 years (Required)
• PCI: 3 years (Required)
• HIPPA: 3 years (Required)
• Information security: 3 years (Required)

Ability to Relocate:

• Los Angeles, CA 90033: Relocate before starting work (Required)

Work Location: Hybrid remote in Los Angeles, CA 90033