About the Role
Fully remote | Employee or Contractor | 10 hrs/week | Flexible hours
EmpoweRx Inc is a company dedicated to promoting public health services and products at pharmacies, with a focus on technology. Our goal is to empower individuals to take charge of their health through the use of innovative technology solutions.
Birth Control Pharmacist, a division of EmpoweRx Inc, provides education and training, implementation assistance, resources, and clinical updates to pharmacists prescribing contraception and key stakeholders, as well as leading and stimulating advocacy, research, and policy efforts to expand the role and realize the potential of pharmacists in reproductive health and justice. We are excited to expand the solutions we offer to include technology, which is made possible by federal funding from the CDC.
As the HIPAA Security Officer with Birth Control Pharmacist, you will work closely with a software engineer, designer, and product owner. You will be a member of a small and agile team, and you will play a crucial role in shaping the company's security procedures and organization. You will have the ability to take ownership of projects, work autonomously, and thrive in a fast-paced, flexible environment.
Responsibilities
- Serve as the security official who is responsible for developing and implementing security policies and procedures for a HIPAA-compliant health technology
- Identify and analyze potential risks to e-PHI, and implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level
- Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems.
- Design computer security strategy and engineer comprehensive cybersecurity architecture.
- Identify, define and document system security requirements and recommend solutions to management.
- Configure, troubleshoot and maintain security infrastructure software and hardware.
- Install software that monitors systems and networks for security breaches and intrusions.
- Monitor systems for irregular behavior and set up preventive measures.
- Plan, develop, implement and update company’s information security strategy.
- Educate and train staff on information system security best practices.
- Perform a periodic assessment of how well its security policies and procedures meet the requirements of the HIPAA Security Rule
Required Qualifications
- Must legally reside in the US and all work must be completed in the US (due to federal funding requirements).
- In-depth knowledge of the HIPAA Security Rule and other government technology laws.
- Must possess a high degree of integrity and trust along with the ability to work independently.
- At least 5 years of experience working in cybersecurity or information technology with a bachelor s degree.
- Minimum of 1 year of experience in vulnerability management, application and software security team, malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
- Solid experience in application security and software development for healthcare
- Experience with security tools (e.g. SAST, DAST, IAST, SCA etc.)
- Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc.
- Experience with CICD pipeline, security tools integration and secure SDLC
- Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
- CISSP, OSCP, any DevSecOps or other related Information Security certification
- Experience with cloud-based infrastructure (AWS, Azure, or Google Cloud)
Preferred Qualifications
- Experience working with healthcare providers (especially pharmacists) preferred, but not necessary
- Passion for reproductive rights