Our client has an immediate opening for an IT Director/Security Officer. This role will be responsible for overseeing all information technology operations while serving as the organization's designated HIPAA Security Officer.

Responsibilities:

• Serve as designated HIPAA Security Officer responsible for security policy implementation
• Develop, implement, and maintain comprehensive HIPAA security policies and procedures
• Conduct annual risk assessments and coordinate remediation efforts
• Oversee IT infrastructure design and operations with security-first approach
• Implement and manage role-based access controls, authentication, and authorization systems
• Configure and maintain encryption, endpoint security, network protection, and monitoring systems
• Manage security incident response, breach notification, and recovery procedures
• Ensure workforce security training, compliance monitoring, and documentation
• Create and maintain centralized security documentation with version control
• Evaluate vendor security practices and monitor third-party compliance
• Develop disaster recovery plans, identify critical systems, and assess contingency procedures
• Conduct vulnerability assessments, log reviews, and security audits
• Coordinate with compliance officers on regulatory requirements and audit preparation
• Other duties as assigned

Requirements:

• Bachelor's degree in IT, Computer Science, Cybersecurity, or related field required; Masters preferred
• CISSP, CISA, CISM, or equivalent security certification. Healthcare-specific certifications (CHPS, HCISPP) preferred. The candidate will obtain the required security certification within 12 months of hire if not already certified
• 5+ years of IT management experience in healthcare organizations with 3+ years of information security experience with HIPAA compliance
• Knowledge of the various regulations including but not limited to HIPAA Security Rule, HITECH Act, state data protection laws, and security frameworks (NIST, ISO 27001)
• Ability to identify, analyze, and investigate potential security incidents involving ePHI
• Ability to work with and maintain confidentiality of physician, patient, patient account, and personnel data
• Ability to work effectively within a team environment