HIPAA Security Analyst - Visa Independent
Occupations:
Information Security Analysts, Health Informatics Specialists, Computer Systems Analysts, Security Management Specialists, Information Security Engineers

Industries:
Computer Systems Design and Related Services, Investigation and Security Services, Facilities Support Services, Offices of Other Health Practitioners, Book Retailers and News Dealers

Regulatory Knowledge: Deep understanding of the HIPAA Security Rule and NIST frameworks.
Interoperability: Knowledge of standards like HL7 or FHIR to ensure the patient system communicates securely with other healthcare platforms.
Critical Thinking: Balancing "clinical usability" with "risk reduction"—ensuring security measures don't slow down life-saving patient care.
Extensive security experience, especially in the pharma space dealing with patient data.

IT Business Analyst Responsibilities
Requirements Gathering: Collaborates with clinical staff and administrators to define what the system must do, such as managing Electronic Health Records (EHR) or billing.
Process Optimization: Identifies bottlenecks in patient flow or data entry and recommends technical solutions to streamline these tasks.
User Support & Training: Translates complex technical features into actionable training for doctors, nurses, and administrative staff.

Security Analyst Responsibilities
Focuses on the protection of Electronic Protected Health Information (ePHI) and regulatory compliance.
Risk Assessments: Conducts regular audits to identify vulnerabilities in the system's architecture, data flows, and third-party integrations.
Access Management: Implements "least-privilege" access and Multi-Factor Authentication (MFA) to ensure staff only see the patient data necessary for their specific roles.
Incident Response: Detects and responds to security threats, such as phishing or data breaches, and leads the recovery process while documenting findings for legal compliance.
Vendor Oversight: Manages Business Associate Agreements (BAAs) with system vendors to ensure they meet the organization's security standards.

Effective collaboration with product, data, and business teams.
Good communication and documentation skills; can work with executive leadership on a daily basis.
Good functional and domain knowledge of the pharma domain.

Healthcare-specific certifications (good plus):
HCISPP (HealthCare Information Security and Privacy Practitioner): The gold standard for this specific role; it covers healthcare risk, governance, and the legal aspects of patient data.
CPHIMS (Certified Professional in Healthcare Information and Management Systems): Focuses on the "Business Analyst" side—improving clinical outcomes through better technology management.

Core Security & Audit (must have):
CISSP (Certified Information Systems Security Professional): Best for high-level security strategy and architecture.
CISA (Certified Information Systems Auditor): Critical for the "Analyst" side, focusing on auditing system controls and reporting.

Process & Business Analysis (must have):
CBAP (Certified Business Analysis Professional): For mastering requirements gathering and process modeling.
ITIL 4 Foundation: Useful for understanding how to manage IT services in a high-stakes environment like a hospital.

Essential compliance documentation, prior experience (must have):
SRA (Security Risk Assessment): A living document that identifies where ePHI is stored, transmitted, or at risk. This is a mandatory HIPAA requirement.
BAA (Business Associate Agreements): Contracts with third-party vendors ensuring they also follow strict security standards.