Role: Information Security HIPAA Analyst
Location: Kharadi, Pune
Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living.
Are you ready to play a key role in safeguarding patient data and strengthening our global compliance posture? This is a fantastic opportunity to own and drive our annual HIPAA Program, working with expert stakeholders and influencing meaningful governance across the organisation. If you enjoy structured programme delivery, risk assessment and cross-functional collaboration, this role offers a purposeful and impactful career step.
What will you be doing?
- In this role you will take ownership of our annual HIPAA Program, guiding it from planning through delivery and reporting. Each year you will design the programme schedule in line with strategic direction, coordinate a broad network of internal and external partners and ensure that all activity is delivered with precision.
- You will work closely with our Senior Director of Governance Risk and Compliance, the HIPAA Security Officer and the HIPAA Privacy Officer, as well as the Head of Compliance who owns the programme.
- Your work will include planning and supporting an annual HIPAA Security Risk Assessment, reviewing remediation outcomes, performing IT system assessments, monitoring regulatory changes and ensuring all programme records are accurately maintained in OneTrust.
- Through clear communication, structured management and sound judgement, you will help maintain the highest standards of security and compliance across our systems and processes.
What will you need to be successful?
- Bachelor's degree in Computer Science or a related subject preferred.
- Certifications: Privacy or Security certifications would be advantageous but are not essential, e.g. any HIPAA certification (CHPS, CHSE, CHPSE, CIPP/US), CISA, CISSP, ISO 27001 or equivalent.
- Work from Office – 3 days in a week in UK Shift (12:30 PM IST to 9:30 PM IST)
- Experience: 5 years in Information Security, some of which should be in a compliance function, including at least 2 years working on HIPAA compliance.
- At least 3 years in Program or Project Management. Prior experience of Privacy Law related Security Controls compliance would be very well received.
- Strategy: Provide inputs into HIPAA Strategy.
- Program Management: Plan the program schedule each year, based on strategy provided by leadership, and manage execution against this schedule.
- Organise stakeholders and external resources; create and present materials to the SteerCo; organise reporting cadences and report metrics.
- Security Risk Assessment (SRA): Plan and scope the annual HIPAA Security Risk Assessment (SRA) in collaboration with leadership.
- Develop HIPAA SRA testing templates based on the previous year's assessment. Support execution of the HIPAA SRA by a third-party consultancy against the scope agreed with leadership. Manage any remedial actions arising from the SRA.
- IT System Assessments: Perform HIPAA Security Assessments on IT systems, following a defined process and template, and track remedial actions.
- Monitor HIPAA law for changes and propose updates to HIPAA Policy, Procedures and Standards based on such changes or on other inputs from the SRA process or programme execution.
- Track and report any HIPAA risks to leadership. Manage HIPAA records and workflow in the OneTrust tool.
- Prior experience in deploying and assessing Information Security controls is essential. Prior experience in Program or Project Management is essential, preferably with a compliance context.
- Prior experience using OneTrust and experience in IT Risk Management are optional.
You Unlimited.
We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve.
Inclusion + Belonging: Committed to Welcoming, Celebrating and Thriving. Learn more about Employee Inclusion Groups on our website (https://www.smith-nephew.com/).
Other reasons why you will love it here!
- Your Future: Major medical coverage + policy exclusions and insurance non-medical limit. Educational Assistance.
- Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave.
- Your Wellbeing: Parents/Parents-in-Law’s Insurance (Employee Contribution of 8,000/- annually), Employee Assistance Program, Parental Leave.
- Flexibility: Hybrid Work Model (For most professional roles)
- Training: Hands-On, Team-Customized, Mentorship
- Extra Perks: Free Cab Transport Facility for all employees; One-Time Meal provided to all employees as per shift. Night shift allowances.
Stay connected by joining our Talent Community.
We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.
Check us out on Glassdoor for a glimpse behind the scenes and a sneak peek into You. Unlimited., life, culture, and benefits at S+N.
Explore our website and learn more about our mission, our team, and the opportunities we offer.