Reporting directly to the Chief Program Officer, the Contract and Compliance Systems Officer will work with the contracts and the public funders' requirements to help the Child Abuse Prevention Center navigate privacy, security and information matters relating to its diverse scope of programs and service offerings. The position will be responsible for managing the organization's policies and procedures and for being the subject matter expert on privacy and information security requirements for all county contracts.
Essential Job Functions
- Promote and model a HIPAA-centric culture and provide education and support within the organization.
- Review and develop security-related contract documents
- Responsible for implementing, managing and enforcing information security directives as mandated by the county contracts and HIPAA
- Ensure that HIPAA requirements for access control, disaster recovery, business continuity, incident response, and facility security are properly addressed.
- Remains current on applicable state and federal privacy, confidentiality, and information security laws and compliance rules.
- Assist in the administration and oversight of protected contracts, documents, and restricted access of individuals' rights under HIPAA, including the right to inspect, amend and restrict access to protected information.
Policies and Procedures:
- Works with Chief Program Officer and Executive Director to create, maintain, and revise privacy and information security policies, procedures, forms, notices and associated materials. Collaborates with other departments such as human resources and Information Technology as appropriate.
Audit and Risk Assessments:
- Conducts audits to determine if the Child Abuse Prevention Center is complying with privacy and information security policies, procedures, and applicable regulatory standards.
- Conducts periodic risk assessments to identify, prioritize, and evaluate privacy and information security risks. Identifies gaps and implements mitigation or corrective action strategies that align with the organizational objectives and contract objectives.
- Implements ongoing risk assessments and audits to ensure that information systems are adequately protected and meet HIPAA certification requirements.
- Receives, investigates and responds to privacy/information security questions and concerns, including those submitted through SIR/Incident Reporting systems. Promptly, properly, and consistently addresses issues and takes steps to prevent recurrence. Notifies Leadership within the organization, so that the contracts are notified by the Chief Program Officer immediately.
- Provides guidance to the human resources department to promote consistent and appropriate sanctions for failure to comply with State and Federal privacy and information security requirements, as well as organizational policies and procedures related to privacy and information security.
- Leads an incident response to contain, investigate and prevent future computer security breaches.
- Minimum of 3-5 years in compliance, including privacy and information security.
- Experience managing changing priorities, working independently and with a positive attitude.
- Experience maintaining a high degree of discretion, integrity, and sensitivity to confidentiality and privacy.
- Experience in a nonprofit environment a plus!
SKILLS AND COMPETENCIES:
- High degree of information technology knowledge.
- Knowledge of California laws preferred as they relate to privacy, security and information regulations.
- Must be able to work independently, prioritize, multi-task, and interact with individuals at all levels of the organization.
- Strong strategic and critical thinking and decision-making skills. Ability to identify issues and develop innovative solutions.
- Ability to articulate information and communicate easily, clearly and with tact.
- Strong verbal and written communication skills.