Privacy/Security Officer
Arlington, VA

Job Description

It's Time For A Change…

Your Future Evolves Here

Evolent Health has a bold mission to change the health of the nation by changing the way health care is delivered. Our pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard and Evolenteers often make a difference in everything from scrubs to jeans.

Are we growing? Absolutely - about 40% in year-over-year revenue growth in 2018. Are we recognized? Definitely. We have been named one of "Becker's 150 Great Places to Work in Healthcare" in 2016, 2017, 2018 and 2019, and one of the "50 Great Places to Work" in 2017 by Washingtonian. We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you're looking for a place where your work can be personally and professionally rewarding, don't just join a company with a mission. Join a mission with a company behind it.

Who You'll Be Working With:

Evolent Health is looking for a Privacy/Security Officer to be a key member of the Legal & Compliance department.

What You'll Be Doing:

The Privacy/Security Officer will work across Evolent Health to facilitate organizational compliance with policies, procedures, regulations, and guidelines pertaining to privacy and information security. The privacy and security programs assist in the security, confidentiality, and integrity of Evolent Health and client confidential information, including protected health information (PHI). Responsibilities include evaluation of system technology to support information privacy and security requirements; maintenance of confidentiality, integrity, and availability of data as the privacy and security programs integrate; development and maintenance of security policies and procedures including management of security risk assessments, the program budget, security/privacy complaints and incident activity, and enforcement; workforce security training and awareness; application of industry standards and best practices; external compliance assurances; and business continuity planning. The Privacy/Security Officer serves as an advisor and representative on key Compliance and Security-related Committee meetings.

The Experience You'll Need (Required):

* Oversees the establishment, implementation and adherence to policies and procedures that guide and support the provision of information security services and corporate policies on patient privacy and confidentiality
* Reviews new or revised government healthcare laws and regulations pertaining to security and privacy to determine if new policies or modifications of current policies are needed
* Reports to the organization's executive officers on emerging legislation/regulations and how the company is currently dealing with security and privacy issues
* Manages, tracks, and reports to the organization's executive officers and committee(s) on key metrics (e.g. number of privacy and security incidents received, summary of outcomes, etc.)
* Participates in outside healthcare organizations to keep updated on security and privacy developments and "best practices"
* Conducts privacy and security risk assessments, risk analysis and internal privacy audits to help the organization identify areas of opportunity and develop standards and procedures that support strategic, tactical and operational objectives on a cost-effective basis
* Makes recommendations on appropriate personnel, physical and technical security controls
* Manages the Information Security Incident and Breach Reporting program to ensure the prevention, detection, containment and correction of security and privacy breaches
* Participates in resolving problems with security and privacy violations
* Responsible for the content (and in some cases the delivery) of information security and privacy seminars and training classes
* Coordinates the communication of information security and privacy awareness to all members of the organization

Finishing Touches (Preferred):

* A high level of integrity and trust
* Good verbal and written communication skills
* Good business management skills/background and an understanding of healthcare operations
* Knowledge of security hardware and software products that comply with current industry standards
* Knowledge and understanding of technology-related law and public policy experience, clinical research and related issues
* Certified Information Systems Security Professional (CISSP®)
* Certified in Healthcare Privacy and Security (CHPS) through AHIMA
* Certified Information Systems Auditor (CISA®)
* Registered Health Information Administrator (RHIA) - preferred Or
* Registered Health Information Technician (RHIT)



Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.