We are looking for a Director of Enterprise Security to work in collaboration with the New York DOH (Department of Health) to provide vision, strategy, broad-based planning and responsibility for the SHIN-NY security enterprise. This role will work closely with senior leadership, security leaders, and other key stakeholders of the SHIN-NY. The Director of SHIN-NY Security will be an advocate for the SHIN-NY enterprise security needs and is responsible for the development and delivery of a comprehensive information security strategy and program to optimize the security posture of the SHIN-NY. This role will lead the development, implementation and operation of an enterprise-wide security program that leverages collaborations and resources, facilitates information security governance, advises senior leadership and DOH on security issues, and designs appropriate policies to appropriately monitor and manage information security risk for the overall SHIN-NY enterprise. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders in an enterprise environment. This position reports to the Head of Enterprise Initiatives and Partnerships and will be operated out of the Manhattan, NY office location.
Primary Responsibilities:
- Develops a SHIN-NY Enterprise Security plan aligned with the NIST Cybersecurity Framework
- Collaborates with DOH and Client on developing SHIN-NY Enterprise Security Strategy and Roadmap
- Directs implementation of the SHIN-NY Enterprise Security Strategy and Roadmap
- Monitors compliance of the SHIN-NY Enterprise with Federal and NYS Information Security Standards
- Develops security metrics and KPIs to establish SHIN-NY Enterprise security posture baseline
- Drafts and submits reports and contract deliverables to DOH that include analyses, recommendations, observations and conclusions on specific aspects of the SHIN-NY Security Program, aggregated across all SHIN-NY entities where applicable
- Manages and facilitates the SHIN-NY Enterprise Security training and education plan
- Provides support and guidance to the SHIN-NY entities on their security operations to reduce risk and vulnerabilities to the SHIN-NY Enterprise
- Monitors and tracks SHIN-NY entities’ compliance and remediation efforts with respect to corrective action plans and remediation plans
- Consistent with applicable policies and procedures and in collaboration with NYS DOH, leads and manages SHIN-NY entities’ response to information system security incidents impacting the SHIN-NY Enterprise
- Monitors and ensures, across the SHIN-NY Enterprise, timely completion and implementation of remediation activities resulting from all required security risk assessments and tests, whether performed by our client or third-party assessors, including but not limited to HIPAA Security Risk Assessments and Business Continuity, Incident Response and Disaster Recovery plan testing
- Maintains up-to-date detailed knowledge of the IT security industry including awareness of security solutions, improved security processes and the threat landscape
- Researches additional security solutions or enhancements to existing security solutions to improve overall SHIN-NY Enterprise security
- Analyzes and researches best practices in information security governance including organizational policies, procedures, standards, baselines and guidelines for the use and operation of information systems
- Serves as liaison between DOH / Client and SHIN-NY entities for information security
Experience and Skills:
- At least 8 years of progressive experience in health information security management, health information management, information systems and/or health risk management. At least 3 years of experience leading initiatives and strategy
- Information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Security+, Certified Information Systems Auditor (CISA) or other similar credentials required
- Knowledge of and experience with various health care privacy, security and associated laws, rules, standards and regulations including direct prior experience with the NIST 800-53 and Cybersecurity Framework (CSF) including associated guidance documents
- Demonstrated experience with legal and regulatory requirements such as HITECH, HIPAA Privacy & Security and other NYS and CMS regulations and guidelines
- Experience with cloud-native security solutions for cloud environments such as AWS, Azure and Snowflake
- Experience with the HITRUST Common Security Framework and the MARS-E Security and Privacy controls preferred
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
- Proven analytical and problem-solving abilities to identify and recommend solutions for security risks
- Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master’s degree in Information Systems or Information Technology preferred
We consider a wide range of factors when determining compensation, which may cause compensation to vary depending on your skills, experience, qualifications, and home office location. The annual base salary range for this role for a Manhattan, NY based candidate is $150,000 - $170,000. The salary offer will not be based on a candidate’s salary history at other jobs; by law, the company will not seek information about salary history, and candidates should not share such information with the company. All compensation questions and comments should be directed to the HR Department representative during your application, interview, and hiring process.
We are an Equal Opportunity Employer and do not discriminate against candidates based on race, color, gender, sexual orientation, gender identity or expression, age, religion, disability, national origin, protected veteran status, or any other status protected by applicable federal or local law. We are dedicated to building a diverse, inclusive, and authentic workplace.