Position Summary
This position supports the Medical Faculty Associates (MFA) including, but not limited to, assessing potential and actual risk to MFA data, business, and IT infrastructures that support its clinical, academic, research, and administrative functions. The position ensures collaborative outcomes with external vendors, affiliates, and partners with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities related to IT governance, risk, and compliance.
Essential Duties and Responsibilities
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Other duties may be assigned.
- Conduct detailed security and third-party risk assessments to ensure projects and initiatives align with MFA compliance policies, standards, and procedures as well as HIPAA, HITRUST, HITECH, and other government and medical agencies' regulations
- Recommend remediation strategies including risk-based prioritization of action items and identification of mitigating controls; as well as evaluate, develop, and recommend new information security assessment tools/techniques
- Develop HIPAA-related training and awareness
- Collaborate with key stakeholders to identify, manage and, where appropriate, accept/track risk
- Develop and implement security policies and standards in line with HIPAA to ensure enterprise-wide risk mitigation
- Support and coordinate compliance-focused units and programs
- Contribute to and develop best practices, strategies, methodologies, and documentation/templates
- Experience in hybrid environments involving on-premises and public/private cloud as well as numerous vendor-specific SaaS solutions
- Participate in 24x7 on-call rotation
- The omission of specific duties does not prevent the supervisor from assigning duties that are logically related to the position
Minimum Qualifications
Education
- A Bachelor's in Computer Science or an equivalent combination of training and experience
Experience
- A minimum of 3 years of experience in IT operations or IT security
Physical Requirements
- Walk, stand, and reach outward on a constant basis in an office setting.
- Must be able to occasionally lift, carry, push, or pull over 100 lbs. as part of the role.
- Regularly exposed to healthcare settings that may require personal protective equipment.
- Requires manual dexterity to operate a computer keyboard, calculator, copier machine, and other equipment.
About GW MFA
MFA physicians provide comprehensive patient care, offering one practice for the whole person with 52 medical and surgical specialties. As members of the GW School of Medicine and Health Sciences faculty, MFA providers are teachers and mentors for medical students, residents, fellows, and researchers preserving the rich tradition of academics, research, and healing. In addition to maintaining a closely integrated alliance with The George Washington University and The George Washington University Hospital (GWUH) which is separately owned and operated by Universal Health Services (UHS), the GW MFA has active referring relationships with 12 area hospitals. The GW MFA's leading healthcare presence in the DC metro region is complemented by a network of community-based practices in DC, Maryland, and Virginia. Given its geographic location in central NW Washington, DC, and proximity to more than 175 resident embassies, the MFA continues to evolve its international clinical outreach.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)