Welcome page Returning Candidate? Log back in! Security Risk Analyst Posted Date 4 hours ago(9/3/2024 4:52 PM) Job ID 2024-19969 Location US-NY-New York Category Information Technology - All Openings Emp Status Regular Full-Time Hours per Week 35 Shift Days Overview

How you move is why we’re here. ®

Now more than ever.

Get back to what you need and love to do.

The possibilities are endless...

 

Now more than ever, our guiding principles are helping us in our search for exceptional talent - candidates who align with our unique workplace culture and who want to maximize

 the abundant opportunities for growth and success.

 

If this describes you then let’s talk!

 

HSS is consistently among the top-ranked hospitals for orthopedics and rheumatology by U.S. News & World Report. As a recipient of the Magnet Award for Nursing Excellence, HSS was the first hospital in New York City to receive the distinguished designation. Whether you are early in your career or an expert in your field, you will find HSS an innovative, supportive and inclusive environment.

Working with colleagues who love what they do and are deeply committed to our Mission, you too can be part of our transformation across the enterprise

 

Security Risk Analyst 

Full-Time

 

Overview:

 

The Security Risk Analyst will be a part of a fast-growing security team and will be responsible for supporting and improving the regulatory and information security policy compliance initiatives at Hospital for Special Surgery using a risk-based methodology. This position will work closely with the security analysts, engineers, and architects to conduct risk assessments for new and existing technologies, enhance the institution’s security awareness campaigns, review existing policies and procedures, assist in maintaining business continuity and disaster recovery planning documents, and respond to compliance alerts, among other items.

 

You are a self-starter and a highly motivated individual who is passionate about cybersecurity and risk management. You enjoy working with others, have an attention to detail, and like to think outside the box. You are excited to play such a crucial part in advancing critical initiatives that promote and improve the overall posture of cybersecurity at HSS.

Responsibilities:Maintains an awareness of the regulatory environment as it relates to Hospital for Special Surgery’s missionRegularly reviews and assists in maintaining cybersecurity policies, standards, and procedures and fulfilling auditing requirements as neededStay updated on the latest cybersecurity threats and trends, and apply this knowledge to improve HSS security measuresSupports continuity across security and privacy practices and procedures in collaboration with the Chief Information Security Officer, Human Resources, Legal, Corporate Compliance, Compliance and Privacy, and othersPerforms risk assessments and gap analyses for information systems and programs, identifies foreseeable internal and external risks to security, and delivers recommendation reports for risk managementReviews technology platforms, including operating systems, applications, network devices, and vendors to ensure compliance with established best practices and organizational policiesCreates content for the institution’s security awareness campaignsEvangelizes security and secure practices while promoting and maintaining a favorable and positive work environment for yourself and others to assist in Hospital for Special Surgery’s overall missionPerforms other related duties as assigned Qualifications Minimum qualificationsInformation security certifications, such as Security+, CEH, GIAC, SSCP, CISA, or similarExperience with information security frameworks and related regulations such as NIST Cybersecurity Framework, HIPAA, ISO 27001, PCI, HITRUST, etc.Knowledge of risk analysis and development of security systems and protocolsStrong non-technical understanding of a variety of incidents and attack vectors such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activityExcellent written and verbal communication skills on both technical and non-technical topicsTwo or more years of security-related work or internship experience

Preferred experience

Healthcare industry experience and knowledge of computer-based patient records systems and various protocols relative to privacy and confidentiality of health informationKnowledge of auditing process, including techniques relative to auditing and problem resolutionStrong knowledge of IT infrastructure technologies and protocolsStrong conceptual thinking, verbal, and communication skillsComfortable working with technologies at all levels of the OSI model

Skills and Abilities

Ability to create and present diagrams, reports, and presentations for technical and non-technical audiencesAbility to produce professional-level documentation and reporting using Microsoft OfficeAbility to think outside the box in terms of designing systems and solutionsAbility to deliver under tight deadlines and work off-hours as neededAbility to think critically and make decisions independentlyMust be able to work in a very demanding and high-pressure environment Pay Range - Minimum USD $125,000.00/Yr. Pay Range - Maximum USD $150,000.00/Yr. Options Apply for this job onlineApplyShareRefer this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Application FAQs

Software Powered by iCIMS
www.icims.com