Campus Pride Jobs

Director, Enterprise Security

Job Details

Job Location

Albany or NYC Office - Albany or New York, NY

Position Type

Full Time

Travel Percentage

Up to 25%

Job Shift

M - F 9am - 5pm

New York eHealth Collaborative: Director, Enterprise Security

New York eHealth Collaborative (NYeC) is a not-for-profit organization working in partnership with the New York State Department of Health (NYS DOH) to improve healthcare by collaboratively leading, connecting, and integrating health information exchange across the State.

Founded in 2006 by healthcare leaders, NYeC works to help New York State achieve the Triple Aim of improving the patient experience of care, delivering better health outcomes, and reducing costs. On behalf of the State, NYeC leads the Statewide Health Information Network for New York (SHIN-NY), a network connecting healthcare providers statewide, develops policies and standards that support the utilization of health technologies, assists healthcare providers in adopting and effectively using electronic health records, and ensures that the SHIN-NY provides services to support the State’s public health and Medicaid efforts.

Position Summary:

NYeC is seeking a Director, Enterprise Security to work in collaboration with NYS DOH to provide vision, strategy, broad-based planning and responsibility for the SHIN-NY security enterprise. This role will work closely with NYeC senior leadership, NYS DOH, Qualified Entity (QE) security leaders, and other key stakeholders of the SHIN-NY. The Director, Enterprise Security will be an advocate for the SHIN-NY enterprise security needs and is responsible for the development and delivery of a comprehensive information security strategy and program to optimize the security posture of the SHIN-NY.

This role will lead the development, implementation and operation of an enterprise-wide security program that leverages collaborations and resources, facilitates information security governance, advises senior leadership and DOH on security issues, and designs appropriate policies to appropriately monitor and manage information security risk for the overall SHIN-NY enterprise. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders in an enterprise environment.

This position reports to the Chief Counsel and Operating Officer, and will be operated out of the Albany, NY or Manhattan, NY office location.

Primary Responsibilities:

• Develops a (SHIN-NY) Enterprise Security plan aligned with the NIST Cybersecurity Framework;

• Collaborates with DOH and NYeC on developing (SHIN-NY) Enterprise Security Strategy and Roadmap;

• Directs implementation of the (SHIN-NY) Enterprise Security Strategy and Roadmap;

• Monitors compliance of the (SHIN-NY) Enterprise with Federal and NYS Information Security Standards

• Develops security metrics and KPIs to establish (SHIN-NY) Enterprise security posture baseline;

• Drafts and submits reports and contract deliverables to DOH that include analyses, recommendations, observations and conclusions on specific aspects of the SHIN-NY Security Program, aggregated across all SHIN-NY entities where applicable;

• Manages and facilitates the (SHIN-NY) Enterprise Security training and education plan;

• Provides support and guidance to the SHIN-NY entities on their security operations to reduce risk and vulnerabilities to the SHIN-NY Enterprise;

• Monitors and tracks SHIN-NY entities’ compliance and remediation efforts with respect to corrective action plans and remediation plans;

• Consistent with applicable policies and procedures and in collaboration with NYS DOH, leads and manages SHIN-NY entities’ response to information system security incidents impacting the SHIN-NY Enterprise;

• Monitors and ensures, across the SHIN-NY Enterprise, timely completion and implementation of remediation activities resulting from all required security risk assessments and tests, whether performed by NYeC or third party assessors, including but not limited to HIPAA Security Risk Assessments and Business Continuity, Incident Response and Disaster Recovery plan testing.

• Maintains up-to-date detailed knowledge of the IT security industry including awareness of security solutions, improved security processes and the threat landscape;

• Researches additional security solutions or enhancements to existing security solutions to improve overall SHIN-NY Enterprise security;

• Analyzes and researches best practices in information security governance including organizational policies, procedures, standards, baselines and guidelines for the use and operation of information systems;

• Serves as liaison between DOH/NYeC and SHIN-NY entities for information security;

• Other duties as assigned.

  Experience and Skills:

• Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master’s Degree in Information Systems and Information Technology preferred.

• Information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Security+, Certified Information Systems Auditor (CISA) or other similar credentials required.

• At least 8 years of progressive experience in health information security management, health information management, information systems and/or health risk management. At least 3 years of experience in a leadership role.

• Knowledge of and experience with various health care privacy, security and associated laws, rules, standards and regulations including direct prior experience with the NIST 800-53 and Cybersecurity Framework (CSF)including associated guidance documents.

• Demonstrated experience with legal and regulatory requirements such as HITECH, HIPAA Privacy & Security and other NYS and CMS regulations and guidelines.

• Experienced in cloud native security solutions for cloud environments such as AWS, Azure and Snowflake.

• Experience with the HITRUST Common Security Framework and the MARS-E Security and Privacy controls preferred.

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

• Proven analytical and problem-solving abilities to identify and recommend solutions for security risks.

  Expectations of Employees:

• NYeC supports the healthcare sector, and we expect every employee to be vaccinated in accordance with NYeC’s policy before beginning employment with NYeC and present proof prior to their start date, unless they have requested and been granted an exemption or accommodation (based on disability/medical condition or a sincerely held religious belief).

• Employees work a hybrid in-office schedule (at either our Manhattan, NY or Albany, NY office and then remotely). Barring specific exemptions, team members are expected to work from the office on a regular schedule determined by the COO and on other days specified by their manager (no less than 1 day per week in the office). This schedule is subject to change.

• NYeC supports work happening across New York State. From time to time our team members must visit other parts of the state. The most common requirement is for a New York City based team member to travel to Albany and vice versa. If this role is hired in NYC, the individual hired should expect to travel to Albany regularly (at least 15% of the time) and as needed.

  We consider a wide range of factors when determining compensation, which may cause compensation to vary depending on your skills, experience, qualifications, and home office location (Manhattan, NY vs. Albany, NY). The annual base salary range for this role for an Albany, NY based candidate is $125,000 - $145,000. The annual base salary range for this role for a Manhattan, NY based candidate is $150,000 - $170,000. The salary offer will not be based on a candidate’s salary history at other jobs, and by law, NYeC will not seek information about salary history, and candidates should not share such information with NYeC. All compensation questions and comments should be directed to the HR Department representative during your application, interview, and hiring process.

  NYeC is an Equal Opportunity Employer. We are dedicated to building a diverse, inclusive, and authentic workplace, so if you are excited about this role but your past experience doesn't align perfectly with everything listed in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

  For more information about NYeC and to apply for this position, visit our website at https://www.nyehealth.org/careers/.We accept online applications only.