Pacific Health Group · 5 hours ago
Administrative Assistant
Pacific Health Group is at the forefront of revolutionizing healthcare. The Director of Information Technology & Information Security is responsible for the end-to-end ownership of all technology systems, data security, and regulatory compliance, ensuring that all systems and operations meet or exceed HIPAA and industry best practices.
Health Care, Hospital, Medical, Telehealth
Responsibilities
Architect and maintain a formal, organization-wide Information Security Program
Define and enforce security controls across applications, infrastructure, devices, and users
Establish policies for data classification, encryption, access control, logging, monitoring, and retention
Ensure least-privilege access and zero-trust principles are implemented across systems
Continuously monitor evolving threat landscapes and proactively adapt controls
Serve as the internal authority for HIPAA Security Rule and Privacy Rule compliance
Ensure proper safeguards for the creation, storage, transmission, and disposal of PHI
Maintain compliance documentation, risk assessments, and audit evidence
Lead HIPAA risk analyses and remediation plans
Oversee Business Associate Agreements (BAAs) from a security and IT standpoint
Coordinate and support internal and external audits, assessments, and investigations
Own the design, implementation, and maintenance of all IT systems, including:
  Cloud platforms
  Networks and connectivity
  End-user devices and endpoints
  SaaS applications and internal tools
Ensure systems are secure, resilient, and scalable
Implement and maintain:
  Backup and disaster recovery plans
  Business continuity procedures
  System redundancy and failover strategies
Approve and govern all technology deployments and architectural changes
Establish formal incident response plans and escalation procedures
Lead response efforts for security incidents, attempted breaches, phishing, impersonation, or data exposure
Conduct root cause analysis and implement corrective actions
Ensure proper breach notification processes are followed when required by law
Maintain logs, alerts, and monitoring systems to detect suspicious activity
Define and enforce controls for sensitive data, PHI, and confidential business information
Ensure encryption standards are applied to data at rest and in transit
Govern data access, sharing, and retention policies
Partner with legal and compliance stakeholders on privacy matters
Prevent unauthorized data access, leakage, or misuse
Evaluate security posture of third-party vendors and platforms
Approve technology vendors based on security, compliance, and risk criteria
Monitor ongoing vendor compliance and contractual obligations
Ensure third-party access is controlled, monitored, and revoked as needed
Develop and enforce IT and security policies applicable to all staff
Deliver security awareness training, including phishing and impersonation prevention
Ensure staff understand approved communication channels and security protocols
Investigate and address violations of IT or security policy
Establish clear escalation paths and disciplinary guidance related to security breaches
Define a long-term IT and security roadmap aligned with business growth
Provide regular reporting to executive leadership on:
  Security risks
  Compliance status
  Incidents and trends
  Improvement initiatives
Advise leadership on technology risk, investments, and trade-offs
Balance operational efficiency with regulatory and security requirements
Qualifications
Required
End-to-end ownership of all technology systems, data security, and regulatory compliance
Establish, govern, and enforce the organization's security posture
Ensure that all systems, data, and operations meet or exceed HIPAA, HITECH, and industry best practices
Architect and maintain a formal, organization-wide Information Security Program
Define and enforce security controls across applications, infrastructure, devices, and users
Establish policies for data classification, encryption, access control, logging, monitoring, and retention
Ensure least-privilege access and zero-trust principles are implemented across systems
Continuously monitor evolving threat landscapes and proactively adapt controls
Serve as the internal authority for HIPAA Security Rule and Privacy Rule compliance
Ensure proper safeguards for the creation, storage, transmission, and disposal of PHI
Maintain compliance documentation, risk assessments, and audit evidence
Lead HIPAA risk analyses and remediation plans
Oversee Business Associate Agreements (BAAs) from a security and IT standpoint
Coordinate and support internal and external audits, assessments, and investigations
Own the design, implementation, and maintenance of all IT systems
Ensure systems are secure, resilient, and scalable
Implement and maintain backup and disaster recovery plans
Implement and maintain business continuity procedures
Implement and maintain system redundancy and failover strategies
Approve and govern all technology deployments and architectural changes
Establish formal incident response plans and escalation procedures
Lead response efforts for security incidents, attempted breaches, phishing, impersonation, or data exposure
Conduct root cause analysis and implement corrective actions
Ensure proper breach notification processes are followed when required by law
Maintain logs, alerts, and monitoring systems to detect suspicious activity
Define and enforce controls for sensitive data, PHI, and confidential business information
Ensure encryption standards are applied to data at rest and in transit
Govern data access, sharing, and retention policies
Partner with legal and compliance stakeholders on privacy matters
Prevent unauthorized data access, leakage, or misuse
Evaluate security posture of third-party vendors and platforms
Approve technology vendors based on security, compliance, and risk criteria
Monitor ongoing vendor compliance and contractual obligations
Ensure third-party access is controlled, monitored, and revoked as needed
Develop and enforce IT and security policies applicable to all staff
Deliver security awareness training, including phishing and impersonation prevention
Ensure staff understand approved communication channels and security protocols
Investigate and address violations of IT or security policy
Establish clear escalation paths and disciplinary guidance related to security breaches
Define a long-term IT and security roadmap aligned with business growth
Provide regular reporting to executive leadership on security risks, compliance status, incidents and trends, and improvement initiatives
Advise leadership on technology risk, investments, and trade-offs
Balance operational efficiency with regulatory and security requirements