Security Risk Analyst Job at Hospital for Special Surgery in New York
Hospital for Special Surgery, New York, NY, United States
Overview:
How you move is why we're here.
Now more than ever.
Get back to what you need and love to do.
The possibilities are endless...
Now more than ever, our guiding principles are helping us in our search for exceptional talent - candidates who align with our unique workplace culture and who want to maximize the abundant opportunities for growth and success.
If this describes you, then let's talk!
HSS is consistently among the top-ranked hospitals for orthopedics and rheumatology by U.S. News & World Report. As a recipient of the Magnet Award for Nursing Excellence, HSS was the first hospital in New York City to receive the distinguished designation. Whether you are early in your career or an expert in your field, you will find HSS an innovative, supportive and inclusive environment.
Working with colleagues who love what they do and are deeply committed to our Mission, you too can be part of our transformation across the enterprise.
Security Risk Analyst
Full-Time
3 days in office required (based in NYC)
Overview:
The Security Risk Analyst will be a part of a fast-growing security team and will be responsible for supporting and improving the regulatory and information security policy compliance initiatives at Hospital for Special Surgery using a risk-based methodology. This position will work closely with the security analysts, engineers, and architects to conduct risk assessments for new and existing technologies, enhance the institution's security awareness campaigns, review existing policies and procedures, assist in maintaining business continuity and disaster recovery planning documents, and respond to compliance alerts, among other items.
You are a self-starter and a highly motivated individual who is passionate about cybersecurity and risk management. You enjoy working with others, have an attention to detail, and like to think outside the box. You are excited to play such a crucial part in advancing critical initiatives that promote and improve the overall posture of cybersecurity at HSS.
Responsibilities:
- Maintains an awareness of the regulatory environment as it relates to Hospital for Special Surgery's mission
- Regularly reviews and assists in maintaining cybersecurity policies, standards, and procedures and fulfilling auditing requirements as needed
- Stay updated on the latest cybersecurity threats and trends, and apply this knowledge to improve HSS security measures
- Supports continuity across security and privacy practices and procedures in collaboration with the Chief Information Security Officer, Human Resources, Legal, Corporate Compliance, Compliance and Privacy, and others
- Performs risk assessments and gap analyses for information systems and programs, identifies foreseeable internal and external risks to security, and delivers recommendation reports for risk management
- Reviews technology platforms, including operating systems, applications, network devices, and vendors to ensure compliance with established best practices and organizational policies
- Creates content for the institution's security awareness campaigns
- Evangelizes security and secure practices while promoting and maintaining a favorable and positive work environment for yourself and others to assist in Hospital for Special Surgery's overall mission
- Performs other related duties as assigned
Qualifications:
Minimum qualifications
- Information security certifications, such as Security+, CEH, GIAC, SSCP, CISA, or similar
- Experience with information security frameworks and related regulations such as NIST Cybersecurity Framework, HIPAA, ISO 27001, PCI, HITRUST, etc.
- Knowledge of risk analysis and development of security systems and protocols
- Strong non-technical understanding of a variety of incidents and attack vectors such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity
- Excellent written and verbal communication skills on both technical and non-technical topics
- Two or more years of security-related work or internship experience
Preferred experience
- Healthcare industry experience and knowledge of computer-based patient records systems and various protocols relative to privacy and confidentiality of health information
- Knowledge of auditing process, including techniques relative to auditing and problem resolution
- Strong knowledge of IT infrastructure technologies and protocols
- Strong conceptual thinking, verbal, and communication skills
- Comfortable working with technologies at all levels of the OSI model
Skills and Abilities
- Ability to create and present diagrams, reports, and presentations for technical and non-technical audiences
- Ability to produce professional-level documentation and reporting using Microsoft Office
- Ability to think outside the box in terms of designing systems and solutions
- Ability to deliver under tight deadlines and work off-hours as needed
- Ability to think critically and make decisions independently
- Must be able to work in a very demanding and high-pressure environment
Pay Range - Minimum:
USD $125,000.00/Yr.
Pay Range - Maximum:
USD $150,000.00/Yr.