
Contractor, Information Security Governance, Risk and Compliance

Equiliem
United States, New York, Buffalo
Feb 03, 2025
Summary:

Under the direction of the Director - InfoSec GRC, the incumbent will take a lead role and will be responsible for managing and reducing Information Technology, Information Security, Privacy, Regulatory Compliance and Governance, and Cybersecurity risk by helping to prioritize and drive remediation efforts throughout the organization. This role will project-lead several IT and cybersecurity engagements across different cross-functional teams, collaborating with internal, external, and other advisory partners to close out gaps, corrective action plans, exceptions, and non-conformities to meet regulatory compliance. The role partners with Infrastructure, Help Desk, IT, Informatics, Security Operations, Compliance, Privacy, Legal, and Internal Audit to bring policies, procedures/standards, and implementation requirements to full compliance and maturity. The Analyst, independently or in collaboration with other stakeholders, owns policy creation and updates and the planning, coordination, and execution of IT and Cybersecurity projects. The Analyst holds team- and organization-level responsibilities and leads complex, large-scale projects. The incumbent will work with employees and leaders across partners and affiliates.

Hands-on GRC experience in a clinical environment, a project management background, and experience with the New York State Hospital Cybersecurity regulatory mandate are a plus.

Primary Duties Include:

  • Oversees and participates in creating and updating organizational policies aligned to the cybersecurity needs of the organization, best practices, and regulatory requirements; heavy focus on the NYS Hospital Cybersecurity Regulation but inclusive of others such as HIPAA, NIST CSF and PCI.
  • Works closely with control owners and internal and external auditors to ensure requests are completed on time.
  • Assists with evaluating the information security program's effectiveness by developing, monitoring, gathering, tracking, and analyzing information security and compliance metrics for management.
  • Creates, maintains, communicates, and tracks information security policies, procedures/SOPs, and other documentation.
  • Prepares for and facilitates assessments by qualified security assessors for regulations such as HIPAA, NIST CSF and the NYS Hospital Cybersecurity Regulation.
  • Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the company meets both the requirements and intent of its regulatory and compliance obligations.
  • Facilitates the remediation of control gaps and escalates critical issues to leadership.
  • Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
  • Develops mechanisms to align with the adoption and usage of current and emerging regulations including HIPAA, NIST CSF and the NYS Hospital Cybersecurity Regulation.
  • Works with SMEs to interpret and translate controls into remediation items.
  • Leads and manages IT cybersecurity compliance projects from initiation through closure and post-mortem.

Knowledge, Skills, and Abilities

Knowledge of:

  • Core technical security skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.).
  • Applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
  • Policy, procedure, SOP advisory.
  • Information systems auditing, monitoring, controlling, and assessment processes.
  • Incident response management.
  • Penetration Testing, Vulnerability Management.
  • Business Continuity and Disaster Recovery.
  • Risk assessment and management methodology.

Skills in:

  • Developing and implementing enterprise governance, risk, and compliance strategy and solutions.
  • Information technology and cybersecurity project management, planning, and execution.
  • Time and task management.
  • Defining problems, collecting and analyzing data, establishing facts, and drawing valid conclusions.
  • Using judgment and ingenuity in maintaining objectives and technical standards.

Ability to:

  • Effectively communicate technical issues to diverse audiences, both in writing and verbally.
  • Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
  • Evaluate, update, and/or revise program materials.
  • Comprehend technical background material and confer, analyze, and write in an objective, lucid manner.
  • Work as part of a team and/or independently, prioritize multiple tasks, and adapt to needed changes.

Qualifications:

Required Education and Experience

Bachelor's degree in Computer Science, Information Systems or a related field and the equivalent of ten (10) years of full-time experience in information security Governance, Risk and Compliance.

What Sets You Apart?

  • 10 years of experience in security GRC with emphasis on leading, managing and conducting concurrent risk assessments, project management skills, and knowledge of HIPAA, NIST CSF and the NYS Hospital Cybersecurity Regulation.
  • Project management skills and knowledge of HIPAA, NIST CSF and the NYS Hospital Cybersecurity Regulation are a plus.
  • Experience in a clinical environment is a plus.