HIPAA Security Rule Program Manager

The HIPAA Security Rule Program Manager will oversee the agency's system of analyzing and managing risk regarding confidential data in IT systems. The candidate will provide subject matter expertise to the DOC Privacy Officer, IG Director and executive leadership on risks and corrective actions related to proper management of confidential data in IT systems.

• Oversight of the department wide program regarding Security Rule Risk Analysis and OCIO standards
• Providing expert consultation and technical assistance to DOC executive leadership on processes required and appropriate actions to comply with requirements in HITECH regulations for IT Risk Assessments
• Advising DOC executive leadership on the corrective action plans, impact of risk ratings, and implementation of mitigation strategies
• Setting priorities for risk analysis of department IT systems containing PII and PHI for all DOC administrations
• Providing expert consultation and technical assistance to department employees on IT Risk Assessments, covering risk analysis, risk assessments, corrective action plans, HIPAA security Rule and OCIO standards compliance in relation to IT Risk Assessments
• Developing and implementing a formal IT Risk Assessment process to evaluate risks resulting from the use of information systems to agency operations, systems and personnel
• Assessing and determining the risk for IT Systems containing or processing Category 3 data or higher
• Performing risk assessments on applicable IT systems at least once every 2-3 years
• Assessing risk prior to the introduction of new IT systems
• Oversight of implementation of corrective action plans (CAPs) resulting from identified threats and vulnerabilities of assessed systems and assets
• Designing risk management and IT security training to assist with administration and program understanding of risk principals related to IT Risk Assessments

• Bachelor's degree involving major study in public or business administration, law, social sciences, computer science, or closely allied field
• Four years of experience of professional, supervisory, or consultative experience which must include advanced assessment or analysis of agency compliance with standards, policies, and legal requirements such as IT security rules
• Expert level knowledge of risk management techniques and principles and ability to apply them in a technical setting
• Experience in facilitation of groups and the ability to explain technical and legal concepts to a nontechnical and legal audience
• Demonstrated ability to plan and organize analysis and assessment of an agency's compliance with standards set out in policy or rule

• Benefits
• Health insurance
• Longevity pay
• Paid holidays
• Paid sick leave
• Paid vacation
• Retirement plan
• Flexible spending accounts
• Dependent care assistance
• Deferred compensation

The State of Washington is committed to cultivating and environment of integrity and trust. The Information Governance team has a unique opportunity for a HIPAA expert to join their team as the HIPAA Security Rule Program Manager.