Data Privacy & Security Analyst

To maintain and enhance the stability and effectiveness of the Health Care District of Palm Beach County ("HCDPBC", "HCD", or the "District") by providing services to support the Health Care District Compliance, Privacy, & Ethics Program. Assists the Vice President / Chief Compliance and Privacy Officer in carrying out the functions and duties for the Program and serves as a key resource and point of contact for compliance, privacy, or ethics related matters.

Data Privacy & Security Analyst contributes to safeguarding the confidentiality, integrity, and availability of sensitive and confidential data across the organization and its subsidiaries.

This role drives the implementation, monitoring, and continuous improvement of enterprise privacy and security programs. The Analyst ensures compliance with federal and state regulations-including HIPAA, HITECH, FERPA, FIPA, Florida Sunshine Laws, and the State Cybersecurity Act-as well as industry standards and best practices such as NIST. The position supports compliance, information security, risk reduction, regulatory adherence, and the safeguarding of public and patient trust. Engages in Compliance, Privacy & Ethics activities to help advance all components of the organization's compliance framework.

Essential Functions:

• Actively contributes to Compliance, Privacy & Ethics program activities and supports implementation of all elements of an effective compliance program.
• Provides ongoing support to the Vice President & Chief Compliance and Privacy Officer and department staff in carrying out assigned functions, work plans, and departmental goals.
• Conducts and/or assists with internal audits, continuous monitoring, and annual and routine risk assessments to evaluate compliance with laws, regulations, and organizational policies and for process improvement.
• Supports external audits and assessments (e.g., HIPAA, NIST CSF, PCI-DSS), including evidence collection, stakeholder coordination, and follow-up on remediation activities.
• Reviews and analyzes data trends, systems, tools, applications, and controls to assess compliance and identify areas for improvement. Assists in identifying and refining methodologies to enhance departmental processes, tools, and work products.
• Supports the development, revision, and promotion of privacy, security, and compliance training and awareness initiatives across the District (e.g., cybersecurity, phishing, privacy education).
• Develops, revises, and implements privacy and security policies, procedures, and standards, including lifecycle oversight.
• Participates in or leads investigations related to reported concerns, inquiries, or potential compliance or privacy issues.
• Coordinates incident response activities and provides support for breach investigations.
• Serves as a resource to District staff and management by providing guidance on privacy, information security, and compliance requirements.
• Works to reduce risk and ensure compliance with all applicable privacy and security requirements, industry best practices, and organizational policies. Provides timely guidance and recommendations on appropriate courses of action to mitigate risk and ensure adherence to such pertaining to privacy, information security, and compliance.
• Maintains open lines of communication to support a culture of compliance and ethical conduct.

Attributes/Knowledge:

• Demonstrated experience in Information Technology/Security (Cybersecurity), Privacy, or Compliance, preferably within a healthcare environment.
• Knowledge of and/or ability to research, communicate, and apply state and federal statutes, regulations, and best practices related to privacy, information security, and compliance (e.g., HIPAA Privacy/Security Rules, NIST Cybersecurity Framework).
• Knowledge of auditing and monitoring practices, risk assessment methodologies, and information system controls. Ability to evaluate controls and practices against standards and rules.
• Understanding of data governance principles. Familiarity with Data Loss Prevention (DLP) strategies, and Identity and Access Management (IAM) concepts and tools.
• Ability to develop, revise, and implement policies, procedures, and process improvements, and effectively communicate updates.
• Experience in managing or assisting with security or privacy incidents, investigations, and risk assessments with objectivity and sound judgment.
• Proficiency with database applications and ability to learn new systems and technologies.
• Proficient in Microsoft Office applications (Word, Excel, PowerPoint, Outlook).

Familiarity with healthcare systems and applications (Electronic Health Records).

• Strong research and analytical skills with the ability to translate requirements and standards into clear, actionable guidance.
• Ability to align privacy, security, and governance efforts with organizational goals.
• Demonstrates integrity, professionalism, confidentiality, and objectivity.
• Customer-focused and collaborative, able to serve as a liaison and support cross-functional initiatives.
• Strong problem-solving, critical thinking, and decision-making abilities.
• Effective verbal and written communication skills, including technical writing and report development.
• Understanding of managerial and operational considerations that influence business objectives.
• Strong project management skills, including organization, thoroughness, and follow-through.
• Organized, adaptable, and capable of working independently or collaboratively in a dynamic environment.
• Commitment to continuous learning and professional development in privacy, cybersecurity, compliance, and related disciplines.
• Effective working relationships with personnel at all levels.
• Maintains a strong work ethic, positive attitude, and supportive approach with colleagues and supervisors.
• Demonstrates adaptability and composure while managing varied responsibilities.

The Health Care District of Palm Beach County is an independent special taxing district that has served as a healthcare safety net for more than 36 years to fill in gaps in access to healthcare services. This unique healthcare system covers the entire county and provides a wide range of services such as nine community health centers (Federally Qualified Health Centers) which serve everyone regardless of ability to pay; school health teams in 172 public schools; a lifesaving Trauma Hawk aeromedical helicopter program; a rural, public teaching hospital, Lakeside Medical Center; an award-winning skilled nursing center; a ground ambulance program for Health Care District patients needing a higher level of care and the county's Trauma Agency, which ensures quality outcomes within the county's trauma system and leads initiatives to prevent traumatic injury.

We are committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of race, color, creed, religion, military or veteran status, age, sex, pregnancy status, genetic information, national origin or ancestry, citizenship, physical or mental disability, marital status, sexual orientation or identification status, or any other legally recognized category protected by jurisdictional, state or federal law. The information collected by this application is solely to determine suitability for employment, verify identity and maintain employment statistics on applicants.

We are also committed to maintaining a safe, healthy, and productive work environment for all employees. As such, we are a Drug-Free Workplace.

This role may require Agency of Health Care Administration (AHCA) background screening and clearance. As required under House Bill 531, applicants may review AHCA's education and awareness information at the following link: https://info.flclearinghouse.com/

Education:

• Bachelor's degree in health or business-related field (preferred Information Security or Computer Science).

• Specific compliance, privacy, and/or Information Technology/Information Security (Cybersecurity) experience and certification to be considered/accepted in lieu of Education requirement (refer to "Experience" section).

Experience:

• 2 years (minimum) of direct compliance, privacy, audit, legal, cybersecurity, or related work experience.

• Will consider highly qualified candidate with at least 5 years of direct field experience in compliance, privacy, or Information Technology (IT) / Cybersecurity program work experience, preferably in healthcare, in a large or complex organization, and a current specialized certification related to Compliance, Privacy, or Information Security/Cybersecurity (e.g., CISSP "Certified Information Systems Security Professional", CHC "Certified in Healthcare Compliance", CHPC "Certified in Healthcare Privacy Compliance" or CIPP "Certified Information Privacy Professional"). Other recognized supporting designations may include: CHC, CHPC, CIPP, HCISPP, CISM, CISA, CompTIA Security, CCSFP, CHPS, CMHIMS, and CCEP designation(s).

Certification:

• Certification in one of the following areas required or to be obtained within 18 months of hire or transfer into position: Certified in Healthcare Privacy Compliance (CHPC) or Certified in Healthcare Compliance (CHC) by the Healthcare Compliance Certification Board, or Certified Information Privacy Professional (CIPP) by the International Association of Privacy Professionals, or Certified Information Systems Security Professional (CISSP) by the ISC. Specialized certification required upon hire if educational or experience requirement is not met.

Licensure:

• Valid Florida Driver's License required.

Training:

• Demonstrates current knowledge of healthcare and government compliance through ongoing professional development.