IT Security & Compliance Specialist - Hybrid

12 May 2024

Vacancy expired!

Grow your career at Cedars-Sinai!

The Enterprise Information Services (EIS) team at Cedars-Sinai understands that true clinical transformation and the optimization of a clinical information systems implementation is fueled through the alignment of people, processes and technologies.

Why work here?

Cedars-Sinai Medical Center has been ranked the #1 hospital in California and #2 hospital in the nation by U.S. News & World Report, 2022‑

When you join our team, you’ll gain access to our state-of-the-art biomedical research facilities and advanced medical education programs. We are dedicated to helping you further your expertise — we offer learning programs, tuition reimbursement and performance-improvement projects so you can achieve additional certifications and degrees while gaining the knowledge and experience needed to advance your career.

We take pride in hiring the best, most passionate employees. Our talented doctors, nurses and staff reflect the culturally and ethnically diverse community we serve. They are proof of our commitment to creating a dynamic, inclusive environment that fuels innovation and the gold standard of patient care we strive for.

What will you be doing in this role:

The Information Security (InfoSec) Specialist is responsible for supporting the activities of the EIS information security team. Responsibilities include helping drive successful overall security compliance delivery. Tasks include performing special compliance projects and audits and contributing to process development. Assists with the achievement of security reviews and tracks organizational compliance with regulatory standards and information security policy. Participates in security governance activities and tracks compliance and remediation activities of risk-based security assessments for technologies, systems, processes, and other components of the IT and business environments. Participates in the review and update of security policies, procedures, guidelines, and standards. Participates in projects related to information security regulatory and policy compliance, and security training. Helps create an enterprise-wide culture of information security awareness. Collaborates with team members to achieve documentation workflows and requirements for HIPAA compliance, assisting with third-party Business Associate Agreements and external party risk assessments, security-related exceptions, and data gathering for various internal and external audits.

Provides security compliance expertise for entire compliance and monitoring activities. This includes, but is not limited to, facilitating the following functions: HIPAA Security regulatory requirements understanding and interpretation, compliance monitoring, risk assessments, audit design and process workflows, remediation tracking, Request for Proposal development, vendor evaluation and selection, and contract negotiation and development. Ensures information security and regulatory compliance, risk analysis, audit and project tracking, and audit facilitation and management.

Responsible for working with internal and external operational partners (e.g., E&Y) in developing and planning audit reviews and monitoring project timelines.

Conduct internal self-audit efforts of IT asset compliance including crucial software licenses to document non-compliance with contract's terms and conditions.

Provide data analysis, manipulation and BI reporting using data toolsets such as Excel.

Works with senior team members to enforce EIS compliance with defined EIS Security Standards, effect remediation efforts, and assist in balancing compliance efforts with given resources. Works to ensure appropriate assignment of compliance resources to each audit and has overall responsibility for completion of the compliance monitoring activity and/or audit. Conducts and manages the audit within established time and budget parameters.

Maintains a solid grasp of federal, state, and regulatory agency standards/guidelines as they relate to security (HIPAA, ISO17799/27002, JCAHO), providing policy mentorship and assistance for the health system.

Coordinates approvals and annual review of security exceptions and technical security review assignments.

Experience Requirements:

One (1)+ years of experience in running IT security and/or compliance audits, preferably IT audits in a health care organization.

Requires audit or risk management experience, using standard methodologies, such as NIST, ITIL, HIPAA, PCI-DSS, ISO 27000 series principles, or completion of HIPAA Security auditing courses within the first year of employment.

Demonstrated experience in security auditing or compliance project management, systems analysis, and vendor/customer interactions required.

Educational/Certification Requirements:

Bachelor’s Degree in Information Technology, Healthcare, or related field. (preferred)

JobsLI-Hybrid

  • Working Title: IT Security & Compliance Specialist - Hybrid
  • Department: Information Security
  • Business Entity: Cedars-Sinai Medical Center
  • Job Category: Compliance/Quality
  • Job Specialty: IT Security Compliance
  • Position Type: Full-time
  • Shift Length: 8 hour shift
  • Shift Type: Day
  • Base Pay: $85,900.00 - $137,300.00

Cedars-Sinai is an EEO employer. Cedars-Sinai does not unlawfully discriminate on the basis of race, religion, color, national origin, citizenship, ancestry, physical or mental disability, legally protected medical condition (cancer-related or genetic characteristics or any genetic information), marital status, sex, gender, sexual orientation, gender identity, gender expression, pregnancy, age (40 or older), military and/or veteran status or any other basis protected by federal or state law.

Full-time
  • ID: #49920926
  • State: California Los Angeles 90001 Los Angeles USA
  • City: Los Angeles
  • Salary: USD TBD TBD
  • Showed: 2023-05-12
  • Deadline: 2023-07-11
  • Category: Et cetera