IT Security Specialist (Hybrid)

Job Title: IT Security Specialist (Hybrid) Location: Durham NC Duration: 12+ Months Job Description: The EHR Security Coordinator is responsible for overseeing and ensuring the security of the organization's Electronic Health Record (EHR) system. This role involves managing access controls, conducting security audits, developing security policies, and ensuring compliance with healthcare regulations such as HIPAA and HITECH. The EHR Security Coordinator will work closely with IT, clinical, and compliance teams to secure patient data and protect the integrity of the EHR system. Key Responsibilities: Security Management & Compliance: Ensure the EHR system is secure and compliant with federal, state, and organizational security policies, including HIPAA, HITECH, and other applicable regulations. Monitor and enforce the appropriate use of EHR access controls, ensuring users have the correct level of access based on their roles. Conduct regular security audits of the EHR system, identifying and mitigating risks or vulnerabilities. Develop and maintain security policies, procedures, and guidelines specific to the EHR environment. Coordinate with stakeholders to implement and maintain security tools, such as firewalls, intrusion detection/prevention systems, and encryption mechanisms, as applicable. Access Controls & User Management: Oversee user provisioning and de-provisioning, ensuring appropriate access for all employees and contractors. Manage and audit role-based access controls (RBAC), ensuring proper access levels. Maintain system logs and user access records for auditing and compliance purposes. Incident Response & Risk Management: Respond to and investigate security incidents, ensuring timely resolution and reporting. Perform risk assessments on new modules or integrations, identifying vulnerabilities and developing mitigation strategies. Coordinate breach notification processes with clinical, IT, and legal teams in compliance with regulations. Collaboration & Coordination: Work with EHR implementation teams to integrate security measures into deployment. Collaborate with the IT security team to align EHR security with organizational cybersecurity strategies. Participate in governance and compliance meetings, providing insights and reports. Continuous Improvement: Stay informed about emerging security threats and best practices. Recommend improvements to the EHR security environment based on industry trends. Qualifications: Bachelor's degree in IT, Computer Science, Cybersecurity, or related field; relevant experience may substitute. Security Certifications (e.g., CISSP, CISM, HCISPP) are highly desirable. Working Conditions: Occasional travel to healthcare facilities. On-call availability for security incidents. Skills: Experience managing security incidents and risk management (7+ years). Experience in healthcare IT security, policies, risk assessments, and compliance (7+ years). Knowledge of RBAC, data encryption, healthcare regulations (HIPAA, HITECH) (7+ years). Proficient in healthcare IT infrastructure security (7+ years). Strong communication skills across departments and clinical teams (7+ years). #J-18808-Ljbffr