HIPAA Security Program Manager
Remote - Virginia, United States
Owens & Minor
Owens & Minor delivers global healthcare logistics and supply chain management solutions to support care from the hospital to the home. At Owens & Minor, we are a critical part of the healthcare process. As a Fortune 500 company with 350+ facilities across the US and 22,000 teammates in over 90 countries, we provide integrated technologies, products and services across the full continuum of care. Customers—and their patients—are at the heart of what we do.
Our mission is to empower our customers to advance healthcare, and our success starts with our teammates.
Owens & Minor teammate benefits include:
Medical, dental, and vision insurance, available on first working day
401(k), eligibility after one year of service
Employee stock purchase plan
Tuition reimbursement
Key Responsibilities:
• Develop, implement, and maintain HIPAA compliance programs, including privacy, security, and breach notification rules.
• Lead internal security audits, risk assessments, and HIPAA gap analyses.
• Drive Corrective Action Plans (CAPs) by tracking, reporting, and managing remediation efforts.
• Stay up to date on HIPAA regulatory changes and industry best practices to enhance the compliance program.
• Support third-party audits, HIPAA certifications, and customer security assessments.
• Develop policies, procedures, and training materials to enhance HIPAA security awareness.
• Maintain security documentation and ensure compliance with corporate governance requirements.
• Act as a subject matter expert for HIPAA security compliance-related inquiries.
• Ensure compliance with industry security standards such as NIST, ISO 27001, SOC 2, GDPR, CCPA, and PCI-DSS.
• Conduct overall security risk assessments and implement security controls to mitigate risks beyond HIPAA.
• Partner with IT, security, legal, and business teams to address security gaps and meet compliance requirements.
• Manage third-party risk assessments to ensure vendor compliance with security frameworks.
• Provide guidance on security incident response and compliance reporting requirements.
Qualifications:
• Bachelor's degree in information security, computer science, or a related field (or equivalent work experience).
• 8+ years of experience in security compliance, including HIPAA, IT audit, risk management, or related fields.
• Strong knowledge of HIPAA security and privacy rules, CAP management, and other compliance standards such as ISO 27001, SOC 2, NIST, and PCI-DSS.
• Experience working with third-party auditors and regulatory bodies.
• Excellent project management, communication, and stakeholder engagement skills.
• Ability to work independently and manage multiple projects simultaneously.
• Certifications such as CHP, CHPS, CISSP, CISA, CISM, CRISC, or similar are a plus.
If you feel this opportunity could be the next step in your career, we encourage you to apply. This position will accept applications on an ongoing basis.
Owens & Minor is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, sexual orientation, genetic information, religion, disability, age, status as a veteran, or any other status prohibited by applicable national, federal, state or local law.