- Provide centralized leadership and oversight of privacy, security, and cybersecurity programs for 13 participating Health Centers through a shared-services model.
- Design, implement, maintain, and periodically update participating Health Centers’ comprehensive administrative, technical, and physical safeguards to support compliance with HIPAA, HITEQ, and applicable Health Center Program Requirements.
- Lead and oversee the completion of Security Risk Analyses (SRAs) at each participating Health Center, including risk identification, documentation, prioritization of remediation activities, and ongoing monitoring of corrective actions.
- Provide strategic oversight of data governance as it relates to privacy and security, establishing standards and guidance for data access, use, protection, and retention.
- Develop, standardize, and maintain security-related policies, procedures, and documentation across participating Health Centers.
- Provide strategic leadership and hands-on support for cybersecurity risk management, security controls, incident response planning, and breach preparedness.
- Coordinate and support investigation, management, documentation, mitigation, and reporting of security incidents and information breaches.
- Regularly brief Health Center executive leadership and governing boards, IT teams, compliance staff, and operational leaders on security posture, strategic initiatives, privacy, and risk-related trends.
- Support and promote workforce security awareness and training initiatives.
- Mentor and promote local security champions within the participating Health Centers.
- Assist Health Centers with third-party and vendor security considerations.
- Support audit readiness, assessments, and compliance reporting related to HIPAA, HITEQ, HRSA, and industry frameworks such as NIST CSF, CIS Controls, and HITRUST.
- Establish and monitor key performance indicators (KPIs) and key risk indicators (KRIs) to measure program effectiveness.
- Monitor regulatory changes, emerging cybersecurity threats, and evolving best practices, and recommend enhancements to security programs and controls.