- Entry level
- No Education
- Salary to negotiate
Lead for all security matters, including Governance, Risk, and Compliance, Cyber Security, Application Security, Identity and Access Management, Security Operations Management, and Business Continuity and Disaster Recovery
Serve as the primary point of contact between the account team, the Enterprise Risk and Security Services (ERSS) delivery team, infrastructure team (CIS), the Corporate Security group, and Customer to ensure that account activities are aligned with Corporate Security Standards and Policy as well as client-related security practices, policies, procedures, baselines and guidelines.
Serve as a subject matter expert on the topics of HIPAA Security, Privacy, Notification and Enforcement Rules, HITRUST, OMNIBUS, Medicaid, Medicare, DOD IA Directives and TRICARE Healthcare requirements, PCI/DSS, and other applicable standards, rules, regulations, and best practices as they relate to the Healthcare Industry
Ensure the effective execution of annual Security Risk assessments, including SOC1 Type 2, SOC2 Type 2, HIPAA and HITRUST assessments. Conduct related ongoing compliance monitoring activities in coordination with delegated Privacy Officer and compliance team members
Ensure all information technology systems, policies and procedures fully comply with applicable Healthcare privacy and security laws, rules, and regulations, including account specific policy and procedures
Ensure the execution of risk mitigation plans generated as a result of risk management analysis
Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of ePHI
Ensure the effective execution of security and compliance training for account employees, including the alignment of regulatory and account specific changes
Ensure the operational alignment and compliance with security policies, procedures and practices
Engage with business leaders and corporate functions such as legal, HR, IT, to support standard business operations
Review and monitor the security compliance of master service agreements for a specific Healthcare account; provide advisory services to the account business team in the context of security requirements
Engage with external auditors, and other third parties in support of Security activities
Develop project plans, estimations, specifications, flowcharts, and presentations
Conduct regular project reviews and accurately communicate the status of projects in both formal and informal settings throughout the project lifecycle.
A four-year college degree in Computer Science, or equivalent certification or experience, is required
10+ years of experience in Information Technology
7-10 years of experience in information security, with a primary focus on Healthcare
Knowledge of HIPAA Security, Privacy, Notification, and Enforcement Rules, Medicaid, Medicare, DOD IA Directives and TRICARE Healthcare requirements, and applicable state and federal guidelines regarding Healthcare privacy and security
Previous client facing and advisory experience required. Big4 IT risk management consulting experience a plus.
Deep insight into best practice standards and frameworks, such as ISO 27001/2 and NIST, is required.
In-depth understanding of network and system security technology and practices across all major computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet-related technology.
A high level of integrity and trust
Experience in understanding and deploying risk management frameworks
Specialty in HIPAA IT Auditing or HIPAA IT Controls Design, Integration, and Testing.
2+ years of HIPAA Risk assessments, HIPAA Security, Meaningful Use, Omnibus, Covered Entities, Business Associates, ePHI flow maps, risk assessment heat maps, control gaps, compliance monitoring, testing, risk remediation, and mitigation.
2+ years of HIPAA HITECH assessments, understanding of HIPAA Controls and objectives, Covered Entities, Business Associates, Meaningful Use, HIPAA Control Mapping, Audit Protocols around Applications, Databases, Networks, Servers, Domains, SaaS, Cloud, Encryption, Wireless networks, firewalls, DLP and IAM Solutions, Incident Response / DR plans and testing.
Understanding of DLP and eDiscovery tools as well as mapping Data Flows and processes.
Experience with Technology Risk Management / IT Audit function in Enterprise organizations
Employee Status: Full Time Employee
About the company
Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process outsourcing services, dedicated to helping the world's leading companies build stronger businesses. Headquartered in Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 100 development and delivery centers worldwide and approximately 221,700 employees as of December 31, 2015, Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant.