Cognosante is on a mission to transform our country’s healthcare and national security systems. With our health and security-focused solutions, we help public sector organizations achieve the important task of providing the best possible public services to American citizens. From Enterprise IT, Data Science, and Security Services, to full-scale Consumer Engagement and Interoperability solutions, we are moving government services forward with transformation and innovation. Learn how we are making a difference in people’s lives today!
The Security Lead is responsible for the development, implementation, and enforcement of policies, procedures, and practices necessary to ensure that the project complies with all applicable federal and state privacy laws and regulations and conforms to industry best practices for health care privacy and security. Applicable requirements include but are not limited to HIPAA Privacy and Security Rules, relevant provisions in the HITECH Act, the Privacy Act, and relevant regulations in the Tennessee Code. The Security Lead will be the designated point of contact who receives security- and privacy-related complaints, if any, associated with project activities and who can provide further information about security- and privacy-related matters.
Key job duties include specifying and documenting security and privacy regulations and associated compliance requirements; performing privacy impact assessments; documenting administrative, physical, and technical security requirements; and working with project management and operational team members to ensure that all security and privacy requirements are adequately addressed. The Security Lead is responsible for adherence to CHFS security standards; compliance with HIPAA, HITECH, NIST requirements, and IRS FTI; and communications with the CHFS CISO in all privacy- or security-related matters, most importantly including notification and resolution of any incidents that may occur.
Analyze project operations, systems, data, and operating environments to determine appropriate security and privacy practices and corresponding controls
Translate statutory and policy obligations into implementable security and privacy requirements
Produce privacy and compliance documentation, including Privacy Impact Assessments, risk analyses, incident reports, and related artifacts
Produce security documentation, including a security management plan, contingency plan, and incident response plan
Work closely with project team members to make sure that applicable security and privacy requirements are incorporated in standard operating procedures and other controls implemented for the project
Participate in business, technical, and security reviews of the operational environment and technical solution to explain controls selected and implemented
Serve as a subject-matter expert to project management regarding security and privacy requirements
Bachelor’s Degree or equivalent experience
Minimum of five (5) years of related experience in a large-scale, mission-critical environment
Must be familiar with at least one (1) major security compliance framework and be able to demonstrate a firm understanding of relevant State and Federal security/privacy regulations and policies, specifically under NIST, HIPAA, and IRS Pub. 1075
Must have successfully guided security compliance on at least one (1) project of similar size and scope
At least one (1) relevant professional information security certification required: CISSP, CISM, CRISC, SANS, GIAC, or similar
Extensive experience dealing with Sensitive Data information systems
Familiarity with government standards and practices relating to the proper handling of personally identifiable information (PII) and protected health information (PHI)
Candidates who do not meet the required qualifications will not be considered.
Formal education or professional experience in law, information technology, security, privacy, public policy, or health care
Prior experience performing in the role of a privacy or security lead in a health industry or government setting
Experience working in environments that process personally identifiable information (PII) or protected health information (PHI)