Virginia Commonwealth University - Richmond, VA
posted 2 months ago
Full-time - Mid Level
Richmond, VA
Educational Services
About the position
The IT Security & Compliance Architect at Virginia Commonwealth University School of Dentistry is responsible for developing, managing, and implementing processes to ensure compliance with HIPAA regulations regarding electronic Protected Health Information (ePHI). This role involves evaluating existing IT policies, conducting risk assessments, and collaborating with various teams to enhance the organization's security posture and compliance efforts.
Responsibilities
- Evaluate the organization's existing policies and procedures for HIPAA compliance by performing HIPAA risk assessments of all IT systems.
- Develop and assist with implementing new and updated disaster recovery (DR) and security policies and procedures within the School of Dentistry.
- Assess methods and procedures for storing and transmitting ePHI; identify security or compliance risks; research and recommend improvements.
- Perform regular audits and reviews of the organization's IT systems and infrastructure to assess the effectiveness of security measures and compliance efforts.
- Work with the CIO and other stakeholders to ensure appropriate usage of Active Directory accounts and system accounts at the level of least privilege.
- Develop and maintain incident response plans to handle security breaches effectively.
- Set up and configure IoT devices to ensure appropriate access levels and manage PCI compliance audits.
- Design and implement secure IT architectures to protect systems, networks, and data from cyber threats.
- Conduct regular risk assessments to identify potential security vulnerabilities and threats within the IT infrastructure.
- Collaborate with cross-functional teams to ensure security and compliance efforts align with organizational goals.
- Assist with compliance management and ensure adherence to relevant industry standards and regulatory requirements.
Requirements
- Experience with HIPAA compliance and risk assessments.
- Knowledge of IT security operations and disaster recovery procedures.
- Familiarity with Identity and Access Management (IAM) and Active Directory.
- Experience in conducting security audits and reviews.
- Ability to develop incident response plans and protocols.
- Knowledge of secure IT architecture design and implementation.
- Experience with compliance management for GDPR, HIPAA, PCI DSS, etc.
Nice-to-haves
- Certifications in information security (e.g., CISSP, CISM).
- Experience with cloud computing security measures.
- Familiarity with the payment card industry (PCI) compliance requirements.
Benefits
- Health insurance coverage
- Dental insurance coverage
- Retirement savings plan (401k)
- Paid holidays
- Professional development opportunities
