JOB DETAIL

The position is not currently open for new applicants.
 
Forensic GRC-IDP-Healthcare Compliance-L4
Date Posted: 10-11-2022
 
Job Summary
  • Location
    Bengaluru
  • Reports To Position
  • Candidate's Job Title
    Forensic GRC-IDP-Healthcare Compliance-L4
  • Educational Qualification
    B.E/B.Tech
  • Experience Required (yrs)
    2 - 4 years

Job Description

Job Summary

 

BDO RISE is the round-the-clock international services team and is dedicated to providing exceptional client service in the global economy. Our professionals operate seamlessly as part of BDO USA engagement teams, leveraging consistent best practices while accessing our global resources to deliver outstanding service and solutions for our clients. BDO’s Core Purpose is Helping People Thrive Every Day. Our Core Values reflect how we manage our work, our relationships and ourselves. As an employee of the firm, you will live true to our Core Values of people first, being exceptional every day in every way, embracing change, feeling empowered through knowledge, and choosing accountability. Our Core Values are the standards by which we conduct ourselves day in and day out, both internally and externally.

 

BDO is seeking a Sr. Associate in HIPAA and healthcare compliance to join its Governance, Risk & Compliance (GRC) Practice. The GRC Practice helps companies to build, manage, and monitor privacy and data protection programs while embedding privacy into apps, websites, systems, and processes. We offer a variety of services, such as privacy managed services, assessments, Data Protection Officer services, Data Protection by Design and by Default program development, and website compliance. Candidates who are hired will be integral in providing these services for our clients.

Job Duties

 

Job Responsibilities

  • Supports the execution of HIPAA risk assessments, completes engagement documentation, conducts analysis of control weaknesses and reports results
  • Contributes to engagements in consultation with engagement manager including presentations of work product to client
  • Creates initial project plans for client, helps in identifying key issues, and makes recommendations to address issues as directed by engagement manager
  • Applies understanding of the health care industry including how payers, providers, and processors operate and use and/or disclose PHI/ePHI
  • Applies understanding of healthcare information management systems and related security controls to protect systems that create, receive, maintain, or transmit PHI/ePHI
  • Possesses practical experience with information security control frameworks, risk management, and security audits with a strong understanding of information security regulatory requirements and leading practices
  • Participates in the review of internal controls based on frameworks such as HIPAA, NIST, and ISO
  • Identifies and prioritizes initial key risks and assesses their impact and likelihood of occurrence
  • Conducts client information gathering interviews and documents findings/notes
  • Evaluates and recommends alternative courses of action and potential solutions to achieve best results for client in consultation with engagement manager
  • Participates in and contributes to preparing reports for client highlighting work performed, issues identified, and recommendations
  • Coordinates with other BDO practices in relation to technical topics and other due diligence in conjunction with the engagement manager

Qualifications, Knowledge, Skills and Abilities

 

Education:

  • Bachelor's degree, required
  • Healthcare Information Management or Information Technology certifications, required
  • Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), preferred
  • Privacy or healthcare compliance certifications (CHC, HCCP), preferred

Experience and Skills:

  • 2-3 years of experience in management consulting, technology advisory, or technology project management, required
  • Prior experience working within a national consulting organization, preferred
  • Prior experience with HIPAA, HITRUST, ISO 27001/27701, NIST Privacy Framework, or NIST CSF Framework, required
  • Basic technical skills: Microsoft Suite proficiency (Microsoft Excel, Word, PowerPoint, Visio, SharePoint, Teams, OneDrive, PDF)
  • Experience with workflow technologies/privacy platforms and governance, risk and compliance tools (Archer, OneTrust, ServiceNow)
  • Ability to work under pressure and meet regulatory deadlines
  • Ability to self-manage daily tasks and self-review assignments
  • Organized and proficient at managing multiple engagements/workstreams and information
  • Familiarity with US-based healthcare entities
  • Ability to work in a team environment
