HIPAA Policy and Regulatory (SME)

Job

Caplock Security

Remote

$165,000 Salary, Full-Time

Posted 2 weeks ago (Updated 4 days ago) • Actively hiring

Expires 7/1/2026

Job Description

HIPAA Policy and Regulatory (SME) at Caplock Security in Mount Rainier, Maryland. Posted 9 days ago.
Type: full-time

At a Glance

Location: Remote / Hybrid (Washington, D.C. area preferred)
Employment Type: Full-Time | W2 Employee of Caplock
Client: HHS Office for Civil Rights (OCR)
Clearance: Public Trust Level II (background investigation; candidates may start pending clearance)
Salary Range: $145,000.00 - $185,000.00 per year

About the Role

Caplock is seeking a seasoned HIPAA policy attorney to support the HHS Office for Civil Rights (OCR), the federal agency responsible for enforcing health information privacy and cybersecurity requirements nationwide.
This is a high-impact policy and compliance role, not an IT position. You will work directly within OCR's Health Information Privacy, Data, and Cybersecurity Division, supporting the development of HIPAA regulations, enforcement initiatives, and stakeholder outreach. Your work will shape how HIPAA Privacy, Security, Breach Notification, and Enforcement Rules are interpreted, implemented, and enforced across the country.

What You'll Do
  • Lead and support OCR's HIPAA and cybersecurity regulatory and policy initiatives, including developing and improving operational processes.
  • Conduct enforcement activities (complaint intake, research, investigation, and resolution) and contribute to enforcement strategies affecting health systems, state and local governments, and private entities.
  • Draft and review regulatory documents, policies, procedures, and guidance under OCR's statutory and regulatory authorities.
  • Conduct high-quality legal research and case analysis in support of OCR's nationwide compliance and enforcement goals.
  • Coordinate intra- and inter-agency efforts, interfacing with federal and state officials, covered entities, business associates, advocacy groups, and other stakeholders.
  • Develop outreach materials and lead outreach activities on HIPAA and cybersecurity topics for internal and external audiences.

Required Qualifications
  • J.D. from an ABA-accredited law school.
  • Demonstrated knowledge of HIPAA laws, regulations, guidance, and enforcement frameworks (Privacy, Security, Breach Notification, and Enforcement Rules).
  • Experience drafting or reviewing regulatory or legal documents.
  • Experience developing or analyzing policies, procedures, or regulatory guidance.
  • Strong analytical, writing, and communication skills; you can translate complex legal and regulatory concepts for diverse audiences.

Preferred Qualifications
  • Experience evaluating or investigating HIPAA complaints.
  • Background supporting federal health privacy, civil rights, or regulatory enforcement programs.
  • Comfort engaging with senior leadership, government officials, regulated entities, and external stakeholders.
  • Familiarity with cybersecurity frameworks and their intersection with HIPAA requirements.