Information Security Specialist - Governance, Risk, & Compliance

Melville, Suffolk, United States

Job Description

Implements and maintains the information security architectures and solutions for the organization. Identifies probable system exposure, compromise, problems or design flaws. Provides security design assistance on new products and internally-developed projects. Collaborating with key stakeholders, this role ensures that Northwell’s policies, standards, and practices meet regulatory compliance (e.g., HIPAA and New York State DOH / DFS requirements) and align with security frameworks (e.g., NIST). Additionally, the team member will be responsible for staying current with emerging threats and industry best practices to continuously improve the program.

Job Responsibility

  • Plans, defines, and maintains policies, standards, configuration, and operation procedures and guidelines regarding security, identity and access.
  • Defines and monitors data security, confidentiality, integrity, and availability.
  • Ensures compliance with agency security policies and standards.
  • Identifies probable system exposure, compromise, problems or design flaws.
  • Analyzes, designs, implements, tests, troubleshoots, integrates, documents, and configures IT security infrastructure to maximize performance and capacity.
  • Implements new security infrastructure architecture or design changes.
  • Offers support to application development, network, server, database and storage teams regarding new technologies, services and system requirements.
  • Provides security design assistance on new products and internally-developed projects.
  • Monitors security devices, including procedures for detecting, reporting and responding to computer security incidents.
  • Operates under general guidance; work assignments are varied and require interpretation and independent decisions on course of action.
  • Performs related duties as required. All responsibilities noted here are considered essential functions of the job under the Americans with Disabilities Act. Duties not mentioned here, but considered related, are not essential functions.

Job Qualifications

  • Bachelor's Degree required, or equivalent combination of education and related experience.
  • 3+ years of relevant experience, required. Minimum of five (5) years progressively responsible information security assessment or audit experience, required.
  • Thorough knowledge and understanding of current information risk assessment techniques, required.
  • Working knowledge of IT standards, federal and state compliance regulations, and security frameworks including HIPAA, HITRUST, NIST, ISO27001, and PCI-DSS, required.


Highly Preferred Skills:

  • Deep understanding of security principles: This includes knowledge of data security, cybersecurity threats, cyber risks and the NIST cybersecurity framework.
  • Healthcare industry expertise: Understanding the unique regulatory landscape of healthcare, including HIPAA.
  • Knowledge and understanding of the compliance and regulatory landscape: Ensuring compliance with relevant regulations and internal policies, including HIPAA, HITECH, NYSDOH Cybersecurity Regulations for Hospitals, and other relevant regulations.
  • Policy development and implementation: Experience creating and implementing security policies, standards, and procedures.
  • Experience completing security questionnaires: Ability to research and write responses to various vendor, government, audit, or cyber insurance questionnaires and to develop/maintain a database of standard security questions and responses.
  • Strong written and oral communication and presentation skills: Ability to write and communicate effectively, including strong presentation skills.
  • Technical proficiency: Familiarity with relevant security technologies, including access control systems, data loss prevention tools, intrusion detection/prevention systems, and encryption technologies.
  • Legal and cyber background: Ability to understand, review, and provide input / commentary on security-related components of various contractual agreements.
  • Collaboration and relationship building: Ability to build strong relationships with key stakeholders, including researchers, EDS teams, Compliance, Risk Management, Legal counsel, and leadership.
  • Continuous learning: Staying abreast of emerging threats, best practices, and evolving regulations in healthcare / security.
  • Certifications: Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly preferred.


*Additional Salary Detail
The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future. When determining a team member's base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).


Category: Compliance Jobs

Tags: CISA CISM CISSP Compliance CRISC Encryption Governance HIPAA HITRUST Intrusion detection ISO 27001 NIST Risk assessment Risk management Security assessment

Perks/benefits: Career development Equity / stock options

Region: North America
Country: United States
