Review Vacancy

Date Posted: 02/12/26
Applications Due: 02/27/26
Vacancy ID: 209500

Position Information

NY HELP No

Agency Health, Department of

Title Information Systems Auditor (Cybersecurity Analyst) - 23540

Occupational Category I.T. Engineering, Sciences

Salary Grade 23

Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF)

Salary Range From $86681 to $109650 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 20%

Schedule

Workweek Mon-Fri

Hours Per Week 37.5

Workday

From 9 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? Yes

Telecommuting allowed? Yes

Location

County New York

Street Address Office of Health Information Management (OHIM) - Cybersecurity

90 Church Street

City New York City

State NY

Zip Code 10007

Job Specifics

Duties Description Duties may include but are not limited to the following:

• Assist in developing DOH Cybersecurity Program in alignment with regulatory requirements and industry best practices.
• Assist in developing DOH cybersecurity Governance, Risk and Compliance (GRC) Initiatives.
• Assist in developing cybersecurity regulation, policies, standards, and best practices for DOH and DOH’s regulated entities.
• Serve as an information security expert and evaluate systems and contracts for alignment with agency and State information security policies.
• Serve as information security expert and advise and provide assistance to DOH programs in cybersecurity related matters.
• Conduct cybersecurity risk assessments, threat and vulnerability analysis, and perform security testing.
• Maintain cybersecurity risk register, including reporting and tracking of remediations.
• Develop communication materials for both technical and non-technical audiences as directed.
• Assist in developing cyber incident response plan, procedures and playbooks.
• Assist in designing, planning, and facilitating cyber security tabletop exercises to foster information-sharing and enhance cyber awareness with relevant stakeholders.
• Perform cyber incident response and recovery activities as required and assigned.
• Administer security awareness training exercises targeted to department staff members and regulated entities on cyber security best practices.
• Perform other duties as required.

Minimum Qualifications Non-Competitive: a bachelor’s degree and three years of IT auditing experience*; or an associate’s degree and five years of IT auditing experience*.

*IT auditing experience must have been gained in any one or combination of the following: an information system or audit professional with responsibility for designing, developing, and evaluating mainframe and server-based audit systems; an information system or audit professional with responsibility for designing and programming tests to perform audits of physical and logical access controls of mainframe and server-based systems; an information system or audit professional with responsibility for data extraction, manipulation and analysis using information from diverse sources, including preparation and presentation of written reports of findings suitable for non-technical audience; and an information system or audit professional with responsibility for supporting an audit group, including developing and maintaining audit systems and identifying and providing data in support of audit activity.

Preferred Qualifications: • Master’s degree in Cybersecurity, Risk Management, Information Systems, Health Information Management, Computer Science, or a related field.
• Certification in one or more of the following:
o Certified Information Systems Auditor (CISA)
o Certified Information Systems Security Professional (CISSP)
o (ISC)² Systems Security Certified Practitioner (SSCP)
o Certified in Risk and Information Systems Control (CRISC)
o Certified Information Security Manager (CISM)
o CompTIA Security+
o CEH: Certified Ethical Hacker
• Ability to work effectively in a team environment - Being highly organized, motivated and a self-directed professional.
• Knowledge of hardware, software, data, and network principles and systems related to health or public health sector.
• Understanding of commonly used computer operating systems, databases, network structures
• Familiarity with cybersecurity regulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO 27001/27002, CIS, OWASP Top 10)
• Investigative and analytical skills
• Excellent oral and written communication skills, including the ability to explain complex technical issues in plain language.
• Knowledge of the current and evolving cyber threat landscape.
• Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy.

Additional Comments This position is being recruited in both New York City and Albany; the position may be filled at either location.

This position may require travel throughout New York State including overnights to areas not served by public transportation.

We offer a work-life balance and a generous benefits package, worth 65% of salary, including:

• Holiday & Paid Time Off
• Public Service Loan Forgiveness (PSLF)
• Pension from New York State Employees’ Retirement System
• Shift & Geographic pay differentials
• Affordable Health Care options
• Family dental and vision benefits at no additional cost
• NYS Deferred Compensation plan
• Access to NY 529 and NY ABLE College Savings Programs, and U.S. Savings Bonds
• And many more...

The NYS Department of Health is committed to making New York a safer, healthier, and more equitable place to live. Understanding health equity, social determinants of health and health disparities is critical to accomplish our goal of eliminating health disparities. For more information on the NYS Department of Health’s Mission, Vision, Values and Strategic Plan, please visit: https://health.ny.gov/commissioner/index.htm

If you require reasonable accommodation to complete a job application, a job interview or to otherwise participate in the hiring process, please contact by phone 518-486-1812 or email doh.sm.reasonable.accommodation@health.ny.gov to make a request.

NYS Department of Health does not participate in E-Verify and does not sponsor visa applications.

For new State employees appointed to graded positions, the annual salary is the hiring rate (beginning of the Salary Range) of the position. Promotion salaries are calculated by the NYS Office of the State Comptroller in accordance with NYS Civil Service Law, OSC Payroll rules and regulations and negotiated union contracts.

Some positions may require additional credentials or a background check to verify your identity.

How to Apply

Name Human Resources Management Group

Telephone 518-486-1812

Fax 518-473-3395

Email Address resume@health.ny.gov

Address

Street Corning Tower, Empire State Plaza, Room 2217

City Albany

State NY

Zip Code 12237

 

Notes on Applying Please submit your resume and cover letter as one (1) document, preferably in PDF format, by email to resume@health.ny.gov, with Reference EM/ISA1/23540/NYC included in the subject line or by mail to Human Resources Management Group, EM/ISA1/23540/NYC, Rm 2217, Corning Tower Building, Empire State Plaza, Albany, NY 12237-0012, or by fax to (518) 473-3395. Failure to include the required information may result in your resume not being considered for this position.