IT Security and Compliance Specialist ($80-110K/yr)

Full Time
United States
Job description
Description:

The IT team at Planned Parenthood of Greater Washington and North Idaho (PPGWNI) is on the lookout for an IT Security and Compliance Specialist. This is a full-time, remote role (37.5 hours/week) working Monday-Friday with some evening or weekend work as needed. For business reasons, we require that candidates live in Washington state.

The IT Security and Compliance Specialist will be responsible for ensuring the security and compliance of our IT infrastructure, systems, and processes in accordance with HIPAA regulations and industry best practices. This individual will work closely with our existing IT team, third-party vendors, and our Managed Security Services Provider (MSSP) to maintain, enhance, and assess our cybersecurity measures and ensure compliance with all relevant regulations and policies.

Requirements:

Core responsibilities

  • Develop, implement, and maintain IT security and compliance policies, procedures, and guidelines in accordance with industry best practices and regulatory requirements.
  • Coordinate incident response activities, including containment, eradication, and recovery efforts in collaboration with other IT team members and external resources when necessary.
  • Evaluate the effectiveness of existing security controls and recommend improvements or additional solutions to address identified gaps or vulnerabilities.
  • Maintain and update IT asset inventory, ensuring accurate tracking of active systems and decommissioned equipment.
  • Oversee and ensure the proper installation and functioning of antivirus software and system updates across all devices.
  • Monitor and analyze security logs and alerts from various security systems, including those fed into Splunk by the MSSP. Investigate and respond to potential security incidents in collaboration with the MSSP.
  • Collaborate with our MSSP to address internal vulnerability scanning reports and resolve identified vulnerabilities.
  • Implement and enforce timely removal of terminated staff and contractors from Active Directory and OKTA.
  • Liaise with external auditors and regulators during compliance audits and assessments, providing documentation and evidence as needed.
  • Perform periodic access reviews to ensure that users have the appropriate level of access to systems and data based on their job responsibilities and the principle of least privilege.
  • Audit and reconcile employee listings in Active Directory and OKTA with HR records.
  • Establish and maintain effective access control processes, including badge requests and deactivation for former employees and contractors.
  • Review and update security settings for email, firewalls, and network diagrams on an annual basis.
  • Coordinate annual HIPAA Security Risk Assessments with third-party vendors, providing necessary information and ensuring the implementation of corrective action plans.
  • Facilitate annual penetration testing conducted by a third party.
  • Manage the vendor risk assessment process, evaluating new and existing vendors for risk related to ePHI, PII, and PCI data.

Required qualifications

  • Bachelor's degree in Information Technology, Computer Science, or a related field.
  • Experience with vendor risk assessment and management processes.
  • Ability to work independently and as part of a team.
  • Live in Washington state with the ability to travel to PPGWNI health centers as needed.

Preferred qualifications

  • A minimum of 5 years of experience in IT security and compliance, preferably in a healthcare setting.
  • Familiarity with HIPAA regulations and industry best practices for cybersecurity.
  • Knowledge of Active Directory, OKTA, Office 365, and other relevant systems and tools.
  • Experience with security monitoring tools such as Splunk, and working with Managed Security Services Providers (MSSPs).
  • Knowledge of Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
  • Excellent problem-solving, organizational, and communication skills.
  • Relevant certifications such as CISSP, CISM, or CISA.
  • Knowledge of incident response and management processes.
  • Familiarity with network security technologies, such as firewalls and intrusion detection/prevention systems.

All full-time employees have access to perks that include:

  • Generous PTO and paid holidays.
  • A full benefits package – including medical and dental – with the individual employee’s insurance premiums covered 100%.
  • Short and Long Term Disability, Free Basic Life, and Accidental Death and Dismemberment (AD&D).
  • 401k retirement plan with up to a 5% employer match.
  • Additional compensation for staff who pass our internal Spanish competency test.
  • Ongoing training and professional development opportunities.

What it's like to work at Planned Parenthood


We understand that excellent patient care starts with staff who feel respected, cared for, and engaged in their work. With that in mind, we constantly work to ensure that staff needs are met and that we are providing a supportive workplace where everyone feels like they belong.

Who we are and what we do


PPGWNI is a leading health care provider, educator, and advocate, serving nearly 32,000 adults and teens throughout Central and Eastern Washington and North Idaho annually. For over 50 years, our dedicated staff have been providing every person in our community access to the comprehensive health care services, education programs, and fearless advocacy they need to be healthy and plan their futures.

PPGWNI is committed to diversity, equity, and inclusion. We believe we are most impactful when people with a wide range of backgrounds, experiences, and identities come together with common purpose. We encourage candidates from all backgrounds to apply.
