Security Compliance Specialist - Los Angeles, United States - University of Southern California

    Full time
    Description

    Security Compliance Specialist - IS Security - Full Time 8 Hour Days (Exempt) (Non-Union)

    Keck Medicine of USC
    Hospital
    Los Angeles, California

    Provide Keck Medicine of USC operational, administrative and project support for the Information Security department, whose purpose is to ensure the safety of Information Systems Assets and to protect systems from intentional or inadvertent access or destruction. This role includes, but is not limited to: Assists with designing, implementing and maintaining a comprehensive and effective privacy & security program for the hospital/health care entities. Provides consultative services on privacy and patient confidentiality issues. Participates in program development and implementation, policy and procedure development, compliance monitoring, developing and updating information security policies, standards and guidelines, and manages investigations. Develops and conducts privacy and security training and education. Responsibilities for this position include managing all Information Services audit requests; organize and fulfill all eDiscovery requests made to the IS department; manage the PCI DSS program for the organization; critical communication pathways across entire hospital/health care entities and University for compliance related topics. Provide administration for support and delivery of Keck Medicine of USC's security policies and systems. Participate in IS audit requests, participate in the development of policies, standards, procedures for the general operation of the InfoSec Team. Lead the PCI program for IS, and develop and manage a user awareness, education and training program focused on security principles. Will work on assigned projects both independently and as part of a team. Provide direction and leadership in the creation, maintenance, and enforcement of IS Policies. Participates in creation of new policies and/or updates to existing policies based on new solutions and/or the ever-changing cybersecurity landscape.

    Essential Duties:

    Provide administration for support and delivery of Keck Medicine of USC's security policies and systems. Participate in IS audit requests, participate in the development of policies, standards, procedures for the general operation of the InfoSec Team. Lead the PCI program for IS, and develop and manage a user awareness, education and training program focused on security principles. Will work on assigned projects both independently and as part of a team.
    Provides direction and leadership in the creation, maintenance, and enforcement of IS Policies. Participates in creation of new policies and/or updates to existing policies based on new solutions and/or the ever-changing cybersecurity landscape.
    Serve as the liaison and point person for all Information Services audit requests. Maintain necessary records in accordance with laws, regulations, and Keck Medicine policies.
    Organize and fulfill all eDiscovery requests made to the IS department.
    Develops and conducts security training, education and awareness to all applicable users.
    Develops and maintains all IS policies.
    Provide consultative services on security, privacy and patient confidentiality issues.
    Assists in investigating, managing, and mitigating security incidents, complaints, or breaches. Ensures all reports required under applicable privacy laws and regulations are completed and submitted in a compliant and timely manner and at the direction of executive leadership and/or counsel.
    Performs other duties as assigned.

    Required Qualifications:

    Bachelor's degree in a related field or the equivalent combination of experience and education that would demonstrate the capability to successfully perform the essential functions of this position.
    3 years of experience in compliance.
    PCI and HIPAA experience.
    Strong interpersonal skills and ability to deal effectively with diverse personalities and skill sets.
    Ability to effectively interact with internal and external parties in resolving security complaints.
    Excellent oral, written and presentation skills.
    Analyze, assess and evaluate situations, circumstances, data, etc. to create recommendations and report on outcomes
    Conceptualization and design
    education, training and awareness programs (including but not limited to newsletters, alerts, online Healthstream training, phishing programs, etc.)
    Interpretation of policies, trends, etc. in the Information Security space
    Problem solving skills and ability to work under pressure
    Knowledge of applicable federal and state laws/regulations/policies/principles/etc.
    Project management principles
    Able to effectively explain information and influence others in straightforward situations
    Able to make appropriate decisions within guidelines and policies
    Able to effectively prioritize own work to meet changing deadlines
    Demonstrated understanding of healthcare operations.

    Preferred Qualifications:

    Thorough knowledge of state and federal regulations pertaining to HIPAA compliance program rules.
    Thorough knowledge of federal regulations pertaining to PCI compliance program rules.

    Required Licenses/Certifications:

    Fire Life Safety Training (LA City) If no card upon hire, one must be obtained within 30 days of hire and maintained by renewal before expiration date. (Required within LA City only)

    The annual base salary range for this position is $95, $158, When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations.

    REQ