Job Information
HSS Security Risk Analyst in New York, New York
Overview
How you move is why we’re here. ®
Now more than ever.
Get back to what you need and love to do.
The possibilities are endless...
Now more than ever, our guiding principles are helping us in our search for exceptional talent - candidates who align with our unique workplace culture and who want to maximize
the abundant opportunities for growth and success.
If this describes you then let’s talk!
HSS is consistently among the top-ranked hospitals for orthopedics and rheumatology by U.S. News & World Report . As a recipient of theMagnetAward for Nursing Excellence, HSS was the first hospital in New York City to receive the distinguished designation. Whether you are early in your career or an expert in your field, you will find HSS an innovative, supportive and inclusive environment.
Working with colleagues who love what they do and are deeply committed to our Mission, you too can be part of our transformation across the enterprise
Security Risk Analyst
Full-Time
3 days in office required (based in NYC)
Overview:
The Security Risk Analyst will be a part of a fast-growing security team and will be responsible for supporting and improving the regulatory and information security policy compliance initiatives at Hospital for Special Surgery using a risk-based methodology. This position will work closely with the security analysts, engineers, and architects to conduct risk assessments for new and existing technologies, enhance the institution’s security awareness campaigns, review existing policies and procedures, assist in maintaining business continuity and disaster recovery planning documents, and respond to compliance alerts, among other items.
You are a self-starter and a highly motivated individual who is passionate about cybersecurity and risk management. You enjoy working with others, have an attention to detail, and like to think outside the box. You are excited to play such a crucial part in advancing critical initiatives that promote and improve the overall posture of cybersecurity at HSS.
Responsibilities:
Maintains an awareness of the regulatory environment as it relates to Hospital for Special Surgery’s mission
Regularly reviews and assists in maintaining cybersecurity policies, standards, and procedures and fulfilling auditing requirements as needed
Stay updated on the latest cybersecurity threats and trends, and apply this knowledge to improve HSS security measures
Supports continuity across security and privacy practices and procedures in collaboration with the Chief Information Security Officer, Human Resources, Legal, Corporate Compliance, Compliance and Privacy, and others
Performs risk assessments and gap analyses for information systems and programs, identifies foreseeable internal and external risks to security, and delivers recommendation reports for risk management
Reviews technology platforms, including operating systems, applications, network devices, and vendors to ensure compliance with established best practices and organizational policies
Creates content for the institution’s security awareness campaigns
Evangelizes security and secure practices while promoting and maintaining a favorable and positive work environment for yourself and others to assist in Hospital for Special Surgery’s overall mission
Performs other related duties as assigned
Qualifications
Minimum qualifications
Information security certifications, such as Security+, CEH, GIAC, SSCP, CISA, or similar
Experience with information security frameworks and related regulations such as NIST Cybersecurity Framework, HIPAA, ISO 27001, PCI, HITRUST, etc.
Knowledge of risk analysis and development of security systems and protocols
Strong non-technical understanding of a variety of incidents and attack vectors such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity
Excellent written and verbal communication skills on both technical and non-technical topics
Two or more years of security-related work or internship experience
Preferred experience
Healthcare industry experience and knowledge of computer-based patient records systems and various protocols relative to privacy and confidentiality of health information
Knowledge of auditing process, including techniques relative to auditing and problem resolution
Strong knowledge of IT infrastructure technologies and protocols
Strong conceptual thinking, verbal, and communication skills
Comfortable working with technologies at all levels of the OSI model
Skills and Abilities
Ability to create and present diagrams, reports, and presentations for technical and non-technical audiences
Ability to produce professional-level documentation and reporting using Microsoft Office
Ability to think outside the box in terms of designing systems and solutions
Ability to deliver under tight deadlines and work off-hours as needed
Ability to think critically and make decisions independently
Must be able to work in a very demanding and high-pressure environment
Pay Range - Minimum
USD $125,000.00/Yr.
Pay Range - Maximum
USD $150,000.00/Yr.
Posted Date2 weeks ago(9/3/2024 4:52 PM)
Job ID2024-19969
LocationUS-NY-New York
CategoryInformation Technology - All Openings
Emp StatusRegular Full-Time
Hours per Week35
ShiftDays