SEARCH CAREER OPPORTUNITIES

GENERAL SUMMARY OF POSITION: 

Under the general direction of the University of Massachusetts Medical School’s (UMMS) Associate Vice Chancellor for Management and UMMS’ Senior Privacy Officer, the Manager of Data Privacy and Security (MDPS) shall act as the management-level individual within the Office of Management (Administration and Finance) responsible for the development, implementation and adherence to UMMS’ policies and procedures covering the privacy and security of protected health information under the Health Insurance Portability and Accountability Act (HIPAA).  The MDPS shall work closely with our Senior Privacy Officer and Information Security Officer to proactively address organizational requirements under HIPAA, including but not limited to: assessing potential privacy and security risks, responding to potential or actual privacy and security incidents, monitoring and auditing, training and driving risk mitigation and remediation activities.  The MDPS shall be the privacy and security liaison to UMMS’ departments and business units and shall communicate out and provide direction to key contacts throughout the organization who are responsible for day-to-day application-level access control and authorization.  The MDPS is responsible for understanding the business or academic model of respective UMMS units, as well as the relevant federal and state regulations and contractual requirements that impact UMMS’ Commonwealth Medicine business units.  The MDPS shall also generally assist in all other privacy and security compliance functions of the Office of Management to foster the development and operational implementation of appropriate privacy and security practices throughout the entire Medical School organization.

MAJOR RESPONSIBILITIES:

• Serve as the management-level privacy and security liaison with business units and academic and research departments for compliance-related requirements and questions
• Communicate with and provide direction and oversight to/for business units and academic and research areas to ensure that access control processes are properly implemented in accordance with the privacy and security practices of UMMS
• Manage responses to external privacy and security audit requests by developing processes and leveraging subject matter experts
• Facilitate responses to Request for Proposals, Customer Security Questionnaires and contractual documents regarding UMMS’ privacy and security practices
• Assist business and academic areas in classifying data as defined by UMMS and University Board of Trustee policies
• Monitor business, research and academic units to assess whether UMMS data are protected at the appropriate levels as defined by UMMS policies
• Monitor business units to assess the level of compliance with privacy and information security policies and standards and assist with necessary corrections
• Assist the Senior Privacy Officer and Information Security Officer in defining and appropriately disseminating information to business, research, and academic areas
• Assist the Senior Privacy Officer and Information Security Officer in incident assessment and remediation for business, research, and academic areas
• Coordinate with UMMS compliance and legal representatives to evaluate specific federal, state, contractual or individual reporting or notification requirements
• Participate in regular risk assessments throughout UMMS, and serve as primary management contact for information gathering and remediation activity, and tracking those activities in the Privacy and Security Workplans, as applicable
• Provide innovation to privacy and security activities by identifying and implementing procedural or technology enhancements to improve processes and enable efficiencies
• Provide management oversight of application access, role development and account recertification for business, academic and research applications
• Participate in appropriate privacy and security committees, as requested, and facilitate the vetting of policies and procedures
• Assist in identifying Privacy and Security risk areas or vulnerabilities
• Maintain knowledge of HIPAA, FERPA and other applicable privacy and security regulations, and collaborate with UMMS compliance and legal representatives to identify and analyze updates to applicable regulatory requirements

REQUIRED QUALIFICATIONS:

• Bachelor’s Degree in Business Management, Compliance/Risk Management, Information Security or equivalent experience
• 7 years of progressive experience in working on privacy and security matters within a Privacy Office, Information Security Office, Risk Management or Compliance Department
• Experience in leading privacy and security initiatives requiring direct communication with, and direction to, teams throughout an organization in order to ensure that privacy and security requirements are applied to applications and the access thereto
• Experience in privacy and security incidents and investigations with corresponding analysis and corrective actions/risk mitigations.
• Knowledge of and experience with HIPAA Privacy and Security Rule requirements and their practical application, and all other relevant state and federal privacy and security standards and regulations
• Ability to collaborate with UMMS management, IT and business stakeholders to achieve business, privacy and security objectives
• Excellent oral and written communication skills

PREFERRED QUALIFICATIONS:

• Experience in a healthcare environment, higher education environment or research organization
• Knowledge of information security standards such as ISO/IEC 27000, NIST, FISMA, PCI, FERPA
• Privacy, Security and/or Healthcare Compliance Certifications: CHC, CHPC, CIPP, CISSP, CISA, CISM

*LI-MR1