Engagement Type
Contract
Short Description
The Compliance Officer will be familiar with risk management comfortable leading internal risk assessments and possess knowledge of HIPAA and NIST privacy and security requirements for health information networks.
Complete Description
The candidate will be allowed to work remotely but will need to be onsite at short notice. There is a mandatory three week training onsite at the beginning of the engagement.
Once all staff return to site the candidate will need to work onsite full time.
The NC HIEA Compliance Officer will ensure that operations follow all relevant state and federal requirements for securely transacting health information via the HIE Network NC HealthConnex.
The Compliance Officer will be familiar with risk management comfortable leading internal risk assessments and possess knowledge of HIPAA and NIST privacy and security requirements for health information networks.
This position will work closely with the NC HIEA leadership team DIT legal counsel and DIT Privacy Team and DIT Security and Risk Management Team to ensure continual improvement of the NC HIEAs security and risk profile.
Responsibilities
- Assist with the development and implementation of a compliance program for the NC HIEA that includes preparation for HITRUST certification
- Create sound internal controls and monitor adherence to them
- Draft and revise policies
- Proactively audit processes practices and documents to identify weaknesses
- Evaluate activities to assess compliance risk
- Collaborate with external auditors and DIT Security Team when needed
- Set plans to manage a crisis or compliance violation
- Educate and train employees on regulations and industry practices
- Address employee concerns or questions on compliance
- Keep abreast of industry standards and business goals
Requirements
Proven experience as a Compliance Officer
Experience in risk management
Knowledge of HIPAA and NIST requirements
Familiarity with industry practices and professional standards
Excellent communication skills
Integrity And professional ethics
Attention To detail
Required / Desired Skills
Skill
Required / Desired
Amount
of Experience
Knowledge of privacy laws (state and federal such as HIPAA (preferred) PCI CJIS); proven risk management experience.
Required
Years
Experience in creation of risk management strategies and policy development to handle data breaches and other incidents.
Required
Years
Knowledge of NIST controls and experience with completing / conducting assessments; written and verbal communication.
Required
Years
Strong conflict management skills in order to work with senior management to ensure security and data protection rules and regulations are in place.
Required
Years
Knowledge of cybersecurity and privacy principles
Required
Years
Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action.
Required
Years
Ability to work across departments and business units to implement organizations privacy principles and programs.
Required
Years
Ability to develop update and / or maintain standard operating procedures (SOPs).
Required
Years
Ability to develop clear directions and instructional materials.
Required
Years
Questions
Description
Question 1
Absences greater than two weeks MUST be approved by CAI management in advance and contact information must be provided to CAI so that the resource can be reached during his or her absence.
The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement
Question 2
The candidate will be allowed to work remotely but will need to be onsite at short notice. There is a mandatory three week training onsite at the beginning of the engagement.
Once all staff return to site the candidate will need to work onsite full time. Do you accept this requirement
Question 3
Please list candidates email address
Question 4
Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
Question 5
Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement
Question 6
Vendor must notify the agency if any portion of the requirements listed in this task order is to be outsourced to other countries.
Do you accept this requirement
Question 8
Payment for all approved hours will be paid at the straight hourly rate regardless of the total hours worked by the engaged resource.
It is the responsibility of the supplier to adhere to any applicable compensation laws including payment for overtime hours.
Do you accept this requirement
Question 10
Please list the city and state where the candidate is currently located.