Virginia Commonwealth University - Richmond, VA
posted 2 months ago
Full-time - Mid Level
Richmond, VA
Educational Services
About the position
The IT Security & Compliance Architect at Virginia Commonwealth University School of Dentistry is responsible for developing, managing, and implementing processes to ensure compliance with HIPAA regulations and guidelines, particularly concerning electronic Protected Health Information (ePHI). This role involves evaluating existing IT policies, conducting risk assessments, and collaborating with various teams to enhance the organization's security posture and compliance efforts.
Responsibilities
- Evaluate the organization's existing policies and procedures for HIPAA compliance by performing HIPAA risk assessments of all IT systems.
- Develop and assist with implementing new and updated disaster recovery (DR) and security policies and procedures within the School of Dentistry.
- Assess methods and procedures for storing and transmitting ePHI; identify security or compliance risks; research and recommend improvements.
- Perform regular audits and reviews of the organization's IT systems and infrastructure to assess the effectiveness of security measures and compliance efforts.
- Develop and maintain incident response plans to handle security breaches effectively.
- Work with the University's Network Services Team to set up and configure Internet of Things (IoT) devices ensuring appropriate access levels.
- Design and implement secure IT architectures that protect the organization's systems, networks, and data from potential cyber threats.
- Conduct regular risk assessments to identify potential security vulnerabilities and threats within the IT infrastructure.
- Collaborate with cross-functional teams to ensure that security and compliance efforts align with the organization's goals.
- Assist with compliance management to ensure adherence to relevant industry standards and regulatory requirements.
Requirements
- Senior level experience in IT security and compliance.
- Strong communication skills.
- Experience with Active Directory and Identity & Access Management (IAM).
- Knowledge of HIPAA regulations and compliance requirements.
- Experience in conducting risk assessments and security audits.
- Ability to develop and implement security policies and procedures.
Nice-to-haves
- Familiarity with General Data Protection Regulation (GDPR) and PCI DSS compliance standards.
- Experience in disaster recovery planning and implementation.
- Knowledge of cloud computing security practices.
Benefits
- Full-time position with competitive salary.
- Opportunities for professional development and training.
