The IT Information Security unit assesses risks to University information assets and works closely with a broad range of University constituencies to implement appropriate administrative, technical, and physical controls to comply with laws, regulations, funding agency requirements and security policies. The office develops, implements, and maintains a comprehensive information security program and establishes policies, procedures, training, and awareness initiatives designed to protect University information resources, limit liability, and prevent legal and regulatory violations. In addition, the office defines, promotes, and enforces policies and standards to manage risks throughout the digital identity lifecycle, including user identification and authentication, user privileges and account management, in accordance with laws, regulations and contractual obligations.
The HIPAA Security Analyst assesses risks to University information assets, particularly PHI (Protected Health Information). The HIPAA Security Analyst works closely with the CISO, the Associate CISO/HIPAA Security Officer, and Director of IT Security Policy & Compliance and partners and collaborates with IT staff, IT security staff and clinic staff regarding security policy, procedures, and compliance issues. The incumbent also provides general and specific technical expertise to clinic staff either directly or from an IT Support Center referral. IT support encompasses consulting, analyzing, training, writing documentation, resolving problems with software and hardware and installing/configuring new systems and devices.
The HIPAA Security Analyst reports to the Associate CISO/HIPAA Security Officer within the Information Security unit. This position primarily supports the health care clinic staff and systems in the College of Health Sciences.
Priority of Responsibilities
Support and ensure clinic compliance with the HIPAA security rule.
Support the vendor hosted enterprise electronic health records system.
Support the compute environment of the clinics
Information Security Program Administration
Assists in the development, implementation, and maintenance of a written “information security program” that addresses people, processes, and technology and contains administrative, operational, and technical safeguards in collaboration with the Associate CISO/HIPAA Security Officer. Supports documentation needs of the IT Security/Health functions by developing, writing, designing, editing, revising, and publishing in appropriate media.
Compiles metrics for measuring success of the clinic security program and produces reports for management and leadership teams as needed.
Assists in the development, implementation, and maintenance of information security policies, standards, procedures, and controls to safeguard clinic IT resources, including data and systems, and to comply with applicable laws, regulations, contractual, funding agency and other external requirements. Works with key IT staff, data custodians, and governance groups in the development of such policies.
Compliance and Enforcement
Monitors and documents assessment and compliance efforts including enforcement of University information security policies, controls, and guidelines. Assists in enforcing policies when non-conformance is detected.
Assists in the preparation of reports to clinic and IT leadership on a periodic basis or when requested.
Works with Internal Auditing, external auditors and consultants as appropriate on security audit compliance checks and control assessment engagements.
Risk assessment and Safeguard Recommendations (or Incident Prevention Recommendations)
Identifies and assesses information security risks and vulnerabilities and identifies the alternatives to manage them. Characterizes systems, assesses risks and recommends administrative, operational, and technical safeguards to lower risks associated with confidentiality, integrity, availability and compliance with laws, regulations, contractual or funding agency or other external requirements.
Provides technical advice and consultation to clinic staff on security or IT issues that require an understanding of the IT environment, as well as the compliance requirements.
Follows established information security incident response and reporting plans and protocols to address routine information security incidents, respond to alleged policy violations, or complaints from external parties.
Assists in the investigation of reported policy infractions and identification of remediation steps needed.
Information Security Training and Awareness Programs
Assists in the development of information security and privacy awareness programs and training initiatives to educate clinic staff about policies, procedures, information risks, and federal and state standards.
Develops, writes, designs, edits, and publishes content as appropriate.
Delivers prepared security awareness presentations to clinic.
IT Disaster Recovery
Assists in the preparation, testing and maintenance of the clinic IT business continuity and disaster recovery plan.
Assists clinic with preparing unit business continuity plans.
Knowledge Maintenance and Professional Development
Develops working knowledge of and/or experience with NIST, CERT, SANS, FERPA, HIPAA, GLBA, and PCI-DSS as appropriate.
Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.
General Computing Support
Works in association with CHS IT staff who support CHS clinic faculty and staff in their general computing needs by diagnosing, troubleshooting, and resolving problems with hardware, operating systems, application software, mobile devices, and other related peripherals
Assist with and/or coordinate installation and configuration of systems, software, and devices in conformance with health care standards.
Helps develop and/or supports effective technology solutions that support health care activities, including the electronic health records system used by the CHS clinics.
Keeps clinic systems up-to-date using appropriate tools and security practices.
Participates actively on special technology related projects or initiatives. Participates in research, evaluation and implementation of new technologies.
Maintains technical knowledge and keeps abreast of technical developments in area of expertise. Maintains knowledge of state-of-the-art technology, equipment, systems, and applicable laws and standards. Makes recommendations for use of specific solutions when appropriate.
Participates in campus teams, committees, and forums.
Maintains appropriate working relationships with colleagues and clients within IT and across the University. Follows University and clinic policies and procedures governing IT efforts. Works within the clinic’s overall strategic plan following project priorities and scope. Meets deadlines and achieves goals accordingly.
Performs miscellaneous job-related duties as assigned.
Bachelor’s degree in information security, information technology, or related field and four years’ of work related experience or equivalent combination of education, experience and certification. Experience via internships and/or academic coursework may substitute for one year related experience.
Knowledge of information security management, risk assessment, and regulatory compliance practices.
Knowledge of the policy and regulatory environment of information security.
Knowledge of information security policy and program development and administration is desirable.
Experience with presentation, interactive media, Web publishing, Web development, and social media tools.
Familiarity with information privacy and security issues, legislation, standards, and regulations affecting health care at the state and national level.
Familiarity with security technologies such as firewalls, vulnerability scanners, and Data Loss Prevention (DLP).
One or more security certifications desirable (CISSP, GIAC, SANS, etc).
Knowledge and familiarity with the operation and structure of University standard software packages, networking, server hardware and software, and knowledge of current technological developments.
In depth knowledge of specific applications and/or specialized computer peripherals is required.
Strong problem solving skills and the ability to accommodate various needs and work effectively with a diverse user base.
Excellent communication skills (oral, written, listening, presentation), organization, interpersonal, and customer-service skills.
Able to manage multiple projects and be detail oriented.
Demonstrated aptitude for learning quickly and functioning in a dynamic technological environment.
Strong project management, organization, written and verbal communication skills.
Ability to think critically and problem solve.
Ability to work collaboratively with diverse groups.
Ability to lift and move, with or without assistance, computer equipment and supplies weighing up to 50 pounds, dexterity to set up, operate and troubleshoot computers and associated peripherals.
Internal Number: 494450
About University of Delaware
The University of Delaware has a great tradition of excellence, from our roots extending back to a small private academy started in 1743, to the research-intensive, technologically advanced institution of today. Our alumni tell our story of achievement, from our first class, which included three signers of the Declaration of Independence and one signer of the U.S. Constitution, to the more than 154,000 living Blue Hens who are making vital contributions to the world. Vice President Joseph R. Biden Jr. and his wife, Jill, are both UD alumni. The University received its charter from the State of Delaware in 1833 and was designated one of the nation’s historic Land Grant colleges in 1867. Today, UD is a Land Grant, Sea Grant and Space Grant institution. The Carnegie Foundation for the Advancement of Teaching classifies UD as a research university with very high research activity—a designation accorded less than 3 percent of U.S. colleges and universities. UD ranks among the nation’s top 100 universities in federal R&D support for science and engineering. A state-assisted, privately governed institution, UD offers a broad range of degree programs: 3 associate programs, 147 bachelor’s p...rograms, 119 master's programs, 54 doctoral programs, and 15 dual graduate programs through our seven colleges and in collaboration with more than 70 research centers. Our student body encompasses more than 17,000 undergraduates, more than 3,600 graduate students and nearly 800 students in professional and continuing studies from across the country and around the globe. Our distinguished faculty includes internationally known authors, scientists and artists, among them a Nobel laureate, Guggenheim and Fulbright fellows, and members of the National Academy of Sciences, National Academy of Engineering and the American Association for the Advancement of Science. State-of-the-art facilities support UD's academic and public service activities. Our 146-foot coastal research vessel, Hugh R. Sharp—the most advanced in the U.S.—helps scientists across the region explore the sea. World-class figure skaters train at our High Performance Figure Skating Center. Partnerships with Nemours/A. I. du Pont Hospital for Children, Christiana Care and Thomas Jefferson University; the U.S. Army; Winterthur; Longwood Gardens and Hagley Museum offer unparalleled experiences in health sciences, defense research, art conservation, horticulture and history. The University is now transforming a 272-acre parcel, the site of a former auto assembly plant, into the Science, Technology and Advanced Research (STAR) Campus. Distinguished speaker series, symposia, 21 intercollegiate athletics programs and numerous intramural and club sports, more than 300 student organizations, concerts, exhibits and other arts and cultural activities enrich campus life.Thomas Jefferson once described Delaware as a "jewel" among states due to its strategic location on the East Coast, halfway between Washington, D.C., and New York City. Today, however, the location of Delaware's flagship university increasingly is invoked as "halfway between Los Angeles and London."In addition to our Georgian-inspired main campus in Newark, Del., UD has locations across the state--in Wilmington, Dover, Georgetown and Lewes. A thriving study-abroad program and expanding international partnerships further enhance our students' education as global citizens. We invite you to visit our campus or take our virtual tour today! http://video.realviewtv.com/education/udel/