Apply Now Clicking "Apply Now" opens the link in a new window.

Responsibilities*

  • Preparing or reviewing HIPAA Security Compliance Assessments for new information systems and information technology services
  • Evaluating assurances of security and compliance for vendors and partners accessing Michigan Medicine Health Information
  • Answering security compliance and policy questions raised by Michigan Medicine workforce, assigning and triaging to other departments as appropriate, recognizing and escalating critical issues
  • Advising and assisting other offices on policy development, including the Office of the Chief Information Security Officer for Michigan Medicine
  • Tracking, reporting, and escalating violations of information security policy
  • Supplemental review and tracking of information security policy exceptions
  • Assisting in development, review, and dissemination of information security awareness communications in coordination with other institutional stakeholders
  • Identifying information security risk areas where further awareness and training is needed within the institution
  • Providing subject matter expertise to the Compliance Education Committee
  • Presenting pertinent information security topics, outreach sessions, and in-service training
  • Reviewing and following up on the implementation of Corrective Action Plans by departments
  • Assisting Privacy Compliance team in breach risk analysis associated with security incidents, interpreting and validating (as needed) the conclusions reached by Information Assurance

Join in the development/evolution and deployment of emerging core functions, including but not limited to:

  • Continuous auditing of security compliance for university units working with Michigan Medicine Health Information or with any HIPAA Protected Health Information
  • Continuous auditing of the application of university Security Risk Management processes to above units, including assessment and remediation
  • Maturing the HIPAA Risk Analysis for Michigan Medicine and assuring Risk Analysis across the University of Michigan covered entity
  • Measuring the effectiveness of security compliance programs through data analytics and the creation of metrics

As a compliance professional and member of the Michigan Medicine Compliance team, the successful candidate will:

  • Communicate
    • Regular status updates on assigned work
    • Potential issues observed, including those in other compliance realms
  • Encourage and consider diverse viewpoints
  • Collaborate both inside and outside the department to accomplish goals
  • Dialogue openly
  • Support a positive environment through empathy, compassion, and energy
  • Assist Michigan Medicine Compliance colleagues in the effective use of information technology resources such as Excel and JIRA queries and reports
  • Develop themselves professionally through relevant reading, coursework, training, and certifications in the security, audit, and compliance realms
  • Other duties as assigned

Required Qualifications*

  • Requires a bachelor's degree and 3-5 years of relevant experience in IT administration or security, or an equivalent combination of education and experience
  • Requires understanding of information security mechanisms and concepts, including the risk management framework
  • Requires strong analytical and creative problem-solving abilities
  • Requires excellent writing, communication, interpersonal, presentation, and organizational skills
  • Requires the ability to work effectively and collaboratively as an individual contributor or team member in a diverse work group and the wider university community
  • Requires the ability to work independently while completing assignments on time, with consistent high quality
  • Requires solid organizational, time management and leadership skills, including the ability to successfully work on multiple projects simultaneously
  • Requires proficiency in basic office productivity and task management tools – Excel, Word, Powerpoint, Outlook

Desired Qualifications*

  • Deep knowledge of and experience in applying HIPAA and associated guidance; other laws and regulations relevant to healthcare or academic medicine; and NIST security standards is preferred
  • Experience performing certification and accreditation under FISMA is preferred
  • Security, compliance, or auditing certifications such as CISA, CISSP, HCISPP, or CIA are preferred
  • Experience working in healthcare, especially academic medical centers or other large healthcare delivery organizations is preferred
  • Experience working directly with clinicians and university faculty is preferred
  • Understanding of internal controls is preferred
  • Experience planning, performing, and reporting on audits is preferred
  • Experience writing or editing policy is preferred
  • Experience diagramming business processes and data flows is preferred
  • Experience analyzing data and creating or calculating metrics is preferred
  • Experience solving problems through LEAN is preferred
  • Knowledge of Michigan Medicine or U-M policies is preferred

Background Screening

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings.  Background screenings are performed in compliance with the Fair Credit Report Act.

Application Deadline

Job openings are posted for a minimum of seven calendar days. This job may be removed from posting boards and filled anytime after the minimum posting period has ended.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.