Cybersecurity Lead - HIPAA

Boston Scientific, Marlborough, MA
Posted 13 days ago. Salary range: $103,700 - $197,000

About The Position

Boston Scientific is seeking an experienced cybersecurity HIPAA leader to join the Cybersecurity Governance, Risk and Compliance (GRC) team as HIPAA Cybersecurity Lead. In this key role, this individual will oversee GRC initiatives focused on compliance with information security and cybersecurity regulations, with particular emphasis on the HIPAA Security Rule, and will be instrumental in strengthening our security posture across the enterprise. The HIPAA Cybersecurity Lead will serve as a senior technical leader responsible for maintaining compliance with HIPAA, PIPL, the NIS2 Directive, CPRA, CCPA, and other domestic and global data privacy regulations, including consumer privacy and information protection laws (CPIPL). This role will drive privacy-by-design and security-by-design principles across enterprise systems, assess risk, and implement data protection solutions. The Lead will collaborate with cross-functional teams to further embed security into technical environments and business processes.

Requirements

  • Education: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.
  • Experience: 8+ years of experience in Information Security, IT Risk, or Compliance with a focus on HIPAA security, SIEM tools, and data protection platforms.
  • Deep understanding of the HIPAA Privacy and Security Rules, PIPL, the DPDP Act, the NIS2 Directive, CPRA, CCPA, and other global privacy regulations.
  • Strong knowledge of HIPAA and NIST information security principles and practices.
  • Experience in developing, documenting, and maintaining security policies and procedures.
  • Proven ability to lead programs or initiatives without direct team management.

Nice To Haves

  • Experience with ServiceNow GRC is a plus.
  • Certifications: Relevant certifications such as Certified Information Systems Security Professional (CISSP), HealthCare Information Security and Privacy Practitioner (HCISPP) or Certified HIPAA Professional (CHP) are highly desirable.
  • PCI ISA/QSA experience is a plus.
  • Experience with common Information Security management frameworks, such as: NIST, ISO 27001/2, ISO 27701, preferred.
  • Strong understanding of network, system and application security principles.
  • Excellent analytical, communication, and project management skills.

Responsibilities

  • Lead the development and implementation of security and privacy frameworks aligned with HIPAA, PIPL, GDPR, and other applicable regulations.
  • Develop, implement, and enforce policies and procedures for compliance with HIPAA regulations including Security Rule controls.
  • Oversee the implementation of technical solutions to protect data, including encryption, access controls, and secure data transmission.
  • Conduct regular risk assessments and reviews to identify potential vulnerabilities and maintain compliance with HIPAA standards.
  • Participate, consult, and work closely with IT, legal, compliance, and business units regarding potential incidents and appropriate follow up measures.
  • Provide training and resources to staff on HIPAA compliance and best practices for data security.
  • Work closely with cross functional teams including IT, legal, Compliance, Privacy and other departments.
  • Oversee compliance with industry best practices and regulatory requirements, including HIPAA/HITECH, PCI DSS and ISO 27001, and update organizational policies and procedures accordingly.
  • Perform periodic risk assessments of third-party vendors and ongoing compliance monitoring activities.
  • Lead and support HIPAA Security Risk Analyses and compliance efforts under the HIPAA Security Rule.
  • Assess information system configurations to validate information assets are protected in accordance with applicable security requirements, policies, and industry standards.
  • Serve as a company-wide resource and liaison on policies, HIPAA controls and provisions, communications, workflow, and quality improvement initiatives.
  • Act as a subject matter expert on data protection, security controls, information security, and risk mitigation strategies.
  • Oversee vendor risk assessments and validate third-party compliance with HIPAA security standards.
  • Collaborate with legal, compliance, and IT teams to translate privacy policies into technical requirements.
  • Stay current with emerging threats, regulatory changes, and best practices in cybersecurity and data privacy.
  • Perform regular audits and assessments of systems to validate compliance with data protection regulations.
  • Advise on technical and organizational measures and data transfer mechanisms.
  • Support mergers and acquisitions by assessing security risks of target organizations.

What This Job Offers

Job Type: Full-time
Career Level: Mid Level
Number of Employees: 5,001-10,000 employees

© 2024 Teal Labs, Inc