Employment Opportunities

Information Security Specialist / HIPAA Security Officer

This position is currently open.
Public?: Public
Division: Health
Reports To: IT Director
Type of Position: Regular Full Time
Location: Little Axe Health Center / 15951 Little Axe Dr. / Norman, OK 73026
General Description
The HIPAA Security Officer is responsible for developing, implementing, and maintaining security programs that ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This position oversees the protection of electronic protected health information (ePHI) through risk management, security controls, and continuous monitoring. The role works closely with IT, Compliance, and Legal departments to safeguard data, prevent breaches, and respond effectively to cybersecurity incidents.
Responsibilities & Duties
Develop, implement, and maintain HIPAA security policies and procedures to safeguard ePHI.
Conduct regular security risk assessments, vulnerability scans, and compliance audits.
Collaborate with internal departments to ensure understanding and adherence to HIPAA Security Rule requirements.
Provide employee training on HIPAA security awareness and best practices.
Monitor and analyze security alerts, logs, and incidents to detect potential threats.
Develop and maintain incident response and breach notification plans.
Partner with IT staff to perform penetration testing, system hardening, and patch management.
Ensure proper configuration and maintenance of firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus solutions.
Maintain documentation of all security policies, risk assessments, and incident response actions.
Review, update, and test security policies and procedures regularly.
Prepare reports for senior management detailing compliance status, security posture, and incident trends.
Stay current on HIPAA regulations, cybersecurity frameworks, and emerging threats.
Liaise with external auditors, vendors, and consultants during assessments or investigations.
Perform other related duties as assigned.
Education Requirements and Qualifications
Bachelor’s degree in Information Technology, Cybersecurity, or a related field required.
Relevant certifications preferred (e.g., CISSP, CISM, CHSE, HCISPP, or CEH).
Minimum of 5 years of experience in information security, preferably in a healthcare or regulated environment.
Strong understanding of HIPAA regulations, NIST Cybersecurity Framework, and risk management methodologies.
Knowledge, Skills and Abilities
Excellent analytical and problem-solving abilities.
Strong written and verbal communication skills.
Ability to manage multiple priorities and work independently.
Demonstrated integrity, discretion, and attention to detail.
Must have a valid Oklahoma Driver’s License.
Must be able to pass a background check and drug test.
Physical Requirements and Working Conditions
Must be able to sit, stand, stoop, bend or kneel for long periods of time.
Prolonged sitting, standing, or walking; occasional bending, squatting, kneeling, and stooping; good finger dexterity and sensory perception; frequent repetitive motions; as well as talking, hearing, and visual acuity are required.
Frequent lifting (up to 15 lbs)
Occasional lifting (up to 30 lbs)
Must be able to respond to after-hours security alerts or emergencies when required.
The Absentee Shawnee Tribe of Oklahoma (AST) is committed to Equal Employment without regard to race, religion, color, gender, national origin, age, disability, or sexual orientation. However, in accordance with the Indian Preference Act (Title 25 U.S. Code 472 and 473), preference in filling vacancies is given to qualified Indian candidates. AST will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990 and its amendments.
Native American Preference/EEO/Drug Free/Smoke Free Workplace
Posted Date: 1 day 8 hours ago