HIPAA SME/Technical Analyst II
R6328 Business planning analysis healthcare

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.


The HIPAA Subject Matter Expert/Technical Analyst II supports the Health and Human Services (HHS) Office for Civil Rights (OCR) in promoting the right to access health information and the protection of the privacy and security of this information. These highly trained and highly skilled consultants and analysts are integral to the success and performance of OCR and to furthering OCR’s mission.


Must be able to obtain government security clearance.

Essential Duties and responsibilities include the following.  Other duties may be assigned.

Reviews security and privacy complaints, data breach notification and cybersecurity incident reports and other correspondence and evidence to determine whether complaints, self-reported breaches or breach notification reports indicate non-compliance with the HIPAA Security Rule. Reviews data provided by the healthcare organizations across the nation to assess the overall impact of security and privacy incidents.

Evaluates and determines the technical sufficiency of submissions from HIPAA covered entities and business associates in response to data and documentation requests (i.e., assessing reports related to security baselines, penetration tests, vulnerability assessments, and digital forensics).

Documents processes, standard operating procedures and system requirements; develops reports summarizing the analysis along with formulating recommendations for OCR to consider for future action.

Develops written reports with technical security analyses, summaries, and recommendations for action, reports on root causes of problems, efficiency, and support needs.

Provides expertise in the development and evaluation of health information privacy policies and technologies, specifically regarding protected health information, de-identified/re-identified health information, and limited data sets.

Provides subject matter expert analysis, evaluation, and recommendations based on national security standards (NIST), industry best practices from the International Organization for Standardization and implementation specifications of the HIPAA Security Rule.

Provides din designing, implementing, and managing information security, data protection, and risk management programs, including policies, procedures, and controls for protected health information based on HIPAA requirements.

Provides advisory expertise in the areas of risk analyses, vulnerability assessments, incident response, security architecture, physical security, business continuity and disaster recovery, enterprise mobility, threat intelligence and analysis, security awareness and online safety, and resolution of highly.

Provides mentoring services and acts as a team lead to other HIPAA SMEs, as needed.

Provides leadership to other HIPAA SMEs, acting as an OCR policy expert.

Manages and tracks team caseloads, creates quarterly productivity goals and benchmarks, and maintains an appropriate level of quality assurance for case processing for each team member.

Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.  

Responsible for aiding in own self-development by being available and receptive to all training made available by the company. 


Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities and activities may change at any time with or without notice.


Bachelor's degree from an accredited university with a focus on Cybersecurity, Computer Science, Information Sciences or other comparable fields of study and a minimum of seven (7) years’ relevant experience, or equivalent combination of education/experience.

Preference will be given to candidates with relevant industry certifications: CISSP, CISM, CIPP/CIPT.



Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers and the general public.


Ability to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Ability to compute rate, ratio and percent and to draw and interpret bar graphs.


Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.


The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job.

Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers, printers and light traffic.


Responsible for the integration of CNI Core Competencies into daily functions, including commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.


Promotes and encourages a culture of compliance with all applicable rules (federal, state, local, Federal Acquisition Regulations, Code of Federal Regulations, Prime Contract requirements, etc.) for themselves and the company as a whole. Fosters an environment in which they will report any violations or reasonably suspected violation of CNI policy, FAR, and/or CFR and are comfortable discussing the myriad compliance, conflict, FAR, CFR, etc. issues that arise during the performance of a government contract.  

EOE including Disability/Vet

****This position is contingent upon contract award ****


If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
