IT Security Specialist

Job Title : IT Security Specialist

Job Id : 24-05285

Location : Raleigh, NC

Duration : 11 Months On Contract

Key Responsibilities :

• Security Management & Compliance :
• Ensure the Epic EHR system is secure and compliant with federal, state, and organizational security policies, including HIPAA, HITECH, and other applicable regulations.
• Monitor and enforce the appropriate use of Epic EHR access controls, ensuring that users have the correct level of access based on their roles.
• Conduct regular security audits of the Epic EHR system, identifying and mitigating risks or vulnerabilities.
• Develop and maintain security policies, procedures, and guidelines specific to the Epic EHR environment.
• Coordinate with the stakeholders to implement and maintain security tools, such as firewalls, intrusion detection / prevention systems, and encryption mechanisms, as applicable to the EHR system.
• Access Controls & User Management :
• Oversee user provisioning and de-provisioning, ensuring appropriate access to the Epic system for all employees and contractors.
• Manage and audit role-based access controls (RBAC) for the Epic system, ensuring that users have the correct level of access for their duties.
• Ensure that system logs and user access records are maintained for auditing purposes, and work with internal audit teams to ensure compliance.
• Incident Response & Risk Management :
• Respond to and investigate security incidents related to the Epic EHR system, ensuring timely resolution and proper reporting to relevant stakeholders.
• Perform risk assessments on new modules or integrations within the Epic EHR, identifying potential security vulnerabilities and developing mitigation strategies.
• Coordinate with clinical, IT, and legal teams on breach notification processes in compliance with regulatory requirements.
• Collaboration & Coordination :
• Collaborate with the Epic implementation and optimization teams to ensure that security measures are integrated into the deployment of new Epic features, updates, and third-party applications.
• Work closely with other members of the IT security team to ensure alignment between EHR security and overall organizational cybersecurity strategies.
• Participate in governance and compliance meetings, offering insights and reports on EHR security.
• Continuous Improvement :
• Stay informed about emerging security threats, technologies, and best practices related to EHR systems.
• Recommend improvements and optimizations to the Epic EHR security environment based on industry trends and emerging threats.