Data Privacy & Security Analyst

Health Care District of Palm Beach County•West Palm Beach, FL

About The Position

To maintain and enhance the stability and effectiveness of the Health Care District of Palm Beach County (“HCDPBC”, “HCD”, or the “District”) by providing services to support the Health Care District Compliance, Privacy, & Ethics Program. Assists the Vice President / Chief Compliance and Privacy Officer in carrying out the functions and duties for the Program and serves as a key resource and point of contact for compliance, privacy, or ethics related matters. Data Privacy & Security Analyst contributes to safeguarding the confidentiality, integrity, and availability of sensitive and confidential data across the organization and its subsidiaries. This role drives the implementation, monitoring, and continuous improvement of enterprise privacy and security programs. The Analyst ensures compliance with federal and state regulations—including HIPAA, HITECH, FERPA, FIPA, Florida Sunshine Laws, and the State Cybersecurity Act—as well as industry standards and best practices such as NIST. The position supports compliance, information security, risk reduction, regulatory adherence, and the safeguarding of public and patient trust. Engages in Compliance, Privacy & Ethics activities to help advance all components of the organization’s compliance framework.

Requirements

Demonstrated experience in Information Technology/Security (Cybersecurity), Privacy, or Compliance, preferably within a healthcare environment.
Knowledge of and/or ability to research, communicate, and apply state and federal statutes, regulations, and best practices related to privacy, information security, and compliance (e.g., HIPAA Privacy/Security Rules, NIST Cybersecurity Framework).
Knowledge of auditing and monitoring practices, risk assessment methodologies, and information system controls. Ability to evaluate controls and practices against standards and rules.
Understanding of data governance principles. Familiarity with Data Loss Prevention (DLP) strategies, and Identity and Access Management (IAM) concepts and tools.
Ability to develop, revise, and implement policies, procedures, and process improvements, and effectively communicate updates.
Experience in managing or assisting with security or privacy incidents, investigations, and risk assessments with objectivity and sound judgment.
Proficiency with database applications and ability to learn new systems and technologies.
Proficient in Microsoft Office applications (Word, Excel, PowerPoint, Outlook).
Familiarity with healthcare systems and applications (Electronic Health Records).
Strong research and analytical skills with the ability to translate requirements and standards into clear, actionable guidance.
Ability to align privacy, security, and governance efforts with organizational goals.
Demonstrates integrity, professionalism, confidentiality, and objectivity.
Customer-focused and collaborative, able to serve as a liaison and support cross-functional initiatives.
Strong problem-solving, critical thinking, and decision-making abilities.
Effective verbal and written communication skills, including technical writing and report development.
Understanding of managerial and operational considerations that influence business objectives.
Strong project management skills, including organization, thoroughness, and follow-through.
Organized, adaptable, and capable of working independently or collaboratively in a dynamic environment.
Commitment to continuous learning and professional development in privacy, cybersecurity, compliance, and related disciplines.
Effective working relationships with personnel at all levels.
Maintains a strong work ethic, positive attitude, and supportive approach with colleagues and supervisors.
Demonstrates adaptability and composure while managing varied responsibilities.

Responsibilities

Actively contributes to Compliance, Privacy & Ethics program activities and supports implementation of all elements of an effective compliance program.
Provides ongoing support to the Vice President & Chief Compliance and Privacy Officer and department staff in carrying out assigned functions, work plans, and departmental goals.
Conducts and/or assists with internal audits, continuous monitoring, and annual and routine risk assessments to evaluate compliance with laws, regulations, and organizational policies and for process improvement.
Supports external audits and assessments (e.g., HIPAA, NIST CSF, PCI-DSS), including evidence collection, stakeholder coordination, and follow-up on remediation activities.
Reviews and analyzes data trends, systems, tools, applications, and controls to assess compliance and identify areas for improvement. Assists in identifying and refining methodologies to enhance departmental processes, tools, and work products.
Supports the development, revision, and promotion of privacy, security, and compliance training and awareness initiatives across the District (e.g., cybersecurity, phishing, privacy education).
Develops, revises, and implements privacy and security policies, procedures, and standards, including lifecycle oversight.
Participates in or leads investigations related to reported concerns, inquiries, or potential compliance or privacy issues.
Coordinates incident response activities and provides support for breach investigations.
Serves as a resource to District staff and management by providing guidance on privacy, information security, and compliance requirements.
Works to reduce risk and ensure compliance with all applicable privacy and security requirements, industry best practices, and organizational policies. Provides timely guidance and recommendations on appropriate courses of action to mitigate risk and ensure adherence to such pertaining to privacy, information security, and compliance.
Maintains open lines of communication to support a culture of compliance and ethical conduct.