About The Position

The Incident, Threat, and Change Management Team Lead is responsible for overseeing security incident/threat operations and enterprise change management across systems that create, receive, maintain, or transmit electronic protected health information (ePHI). This role ensures that security events, production changes, and clinical operations are coordinated to protect patient safety, maintain HIPAA and HITRUST compliance, and support continuity of care.

Requirements

  • 7+ years in information security or IT operations in a healthcare provider, payer, health IT vendor, or other HIPAA‑regulated environment.
  • Demonstrated leadership in security incident response and/or SOC operations with direct experience managing incidents involving PHI/ePHI.
  • Strong background in formal change management (ITIL, ITSM platforms) for regulated environments, with experience supporting HIPAA and HITRUST assessments.
  • Working knowledge of HIPAA Security and Breach Notification Rules, HITRUST CSF domains (especially Incident Management, Business Continuity & DR, and Information Protection Program), and NIST CSF.
  • Experience interfacing with clinical leadership, Privacy/Compliance, Legal, and external auditors/assessors.
  • Familiarity with AI governance or security controls for AI/ML systems.
  • Relevant certifications (e.g., CISA, CISM, CRISC, CISSP, CDPSE, HITRUST CCSFP).

Responsibilities

  • Lead the identification, triage, containment, investigation, and remediation of security incidents involving PHI/ePHI in alignment with HIPAA Security Rule incident procedures (45 CFR §164.308).
  • Coordinate breach risk assessments and documentation to support timely notification to affected individuals and HHS OCR, and to state regulators where applicable.
  • Operate and mature threat detection capabilities (SIEM/SOAR, EDR, email security, IDS) across EHRs, clinical systems, and connected medical devices, ensuring rapid response to threats that could impact care delivery.
  • Own the formal change management process (ITIL‑aligned) for infrastructure, applications, and security controls in in‑scope HIPAA/HITRUST environments, ensuring risk assessment, approvals, testing, and back‑out plans for all production changes.
  • Chair the Change Advisory Board (CAB) with representation from clinical operations, privacy, compliance, biomedical engineering, and IT to ensure that changes do not adversely affect patient care or ePHI availability.
  • Ensure all changes to HITRUST‑assessed systems are tracked, documented, and, when required, reported in a manner that maintains the accuracy of the HITRUST control environment and certification.
  • Integrate incident post‑mortems with change management by linking incidents to specific changes, feeding lessons learned into standard change templates, hardening baselines, and release criteria.
  • Align incident and change management processes with the NIST Cybersecurity Framework functions (Identify, Protect, Detect, Respond, Recover) and NIST SP 800‑61 incident response lifecycle.
  • Develop and maintain HIPAA‑aligned policies, procedures, and runbooks for incident response, emergency mode operations, and change control, including documentation and retention for audit readiness.
  • Provide regular metrics and reporting (MTTD, MTTR, incident volume, change success rate, change‑related incidents) to security, compliance, and clinical leadership, highlighting impact on patient safety and regulatory risk.
  • Partner with Privacy Officer, Compliance, Legal, and vendor management to coordinate third‑party incident handling and ensure vendors meet contractual and HIPAA/HITRUST requirements.
  • Lead and participate in periodic incident response and disaster recovery exercises focused on clinical workflows and ePHI availability.

Benefits

  • Medical, Dental, and Vision benefits
  • Employer-paid Life and LTD
  • 401k w/ matching – once eligibility is met
  • Work/life balance
  • Paid Volunteer Program
  • Flexible working hours
  • Generous FTO
  • Remote work options
  • Employee Discounts
  • Parental Leave