The Associate Manager, HIPAA Security Compliance will support and participate in the development and implementation of consistent practices based on a defined framework and methodology to maintain HIPAA compliance requirements. To be successful in this role, they will need to be comfortable building relationships and driving change through advocacy and influencing. They should have a solid understanding of various HIPAA laws and the HITECH Act, while also possessing foundational IT competencies.
We are looking for a self-motivated individual with a strong risk management and compliance mindset. This is a great opportunity for someone who is excited to be part of building, from the ground up, a robust strategy for how we handle HIPAA Security Compliance.
- Participate in the development of the HIPAA Security Compliance program.
- Manage and drive regular compliance activities such as HIPAA risk assessment, controls validation, and remediation of any gaps.
- Maintain an annual work plan that includes HIPAA risk assessment and controls validation to ensure alignment with government regulations and internal policies and standards.
- Participate in the development, implementation and management of internal policies and controls supporting HIPAA Security Compliance.
- Prepare reports of assessment results, with recommendations to close any gaps, for various audiences, including executive leadership and the Board of Directors.
- Develop documentation and carry out HIPAA Security Compliance activities to drive consistent processes.
- Provide subject matter expertise based on industry experience and knowledge to ensure Best Buy remains in compliance with evolving HIPAA rules and regulations.
- 3+ years of work experience within HIPAA or other compliance frameworks, Information Security, Risk and Compliance, or Information Technology.
- 2+ years of experience participating in complex initiatives in areas of risk management and regulatory compliance.
- 2+ years of experience applying/leveraging the HIPAA Security Rule framework.
- 1+ years of experience creating and documenting compliance processes and reporting at the executive leadership level.
- 1+ years of experience in Internal Controls design, development and assessment.
- Bachelor's degree in Business, IT, Computer Science, Engineering, or related field or equivalent work experience.
- Familiarity with Archer or other Governance, Risk and Compliance (GRC) tools.
- Effective communicator, relationship builder, and advocate for sound compliance practices.
- Excellent written and oral communication skills, interpersonal skills, and effective skills to support risk and compliance programs.
- Ability to communicate effectively across all levels of the organization; provide formal reports and presentations to senior executives as required.
- Knowledge of HIPAA, HITECH, HITRUST; general understanding of other governance frameworks, such as PCI, Sarbanes-Oxley (SOX), COBIT, etc.
- CISSP/CISM/CRISC certification is desired.
- Knowledge of the latest HIPAA laws and regulations.