Review Vacancy
Title Information Systems Auditor 1 (Cybersecurity Analyst) - 23540
Occupational Category I.T. Engineering, Sciences
Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF)
Salary Range From $86681 to $109650 Annually
Street Address Office of Health Information Management (OHIM) - Cybersecurity
Corning Tower, Empire State Plaza
Duties Description Duties may include, but are not limited to, the following:
• Assist in developing DOH Cybersecurity Program in alignment with regulatory requirements and industry best practices.
• Assist in developing DOH cybersecurity Governance, Risk and Compliance (GRC) Initiatives.
• Assist in developing cybersecurity regulation, policies, standards, and best practices for DOH and DOH’s regulated entities.
• Serve as an information security expert and evaluate systems and contracts for alignment with agency and State information security policies.
• Serve as an information security expert, advising and providing assistance to DOH programs in cybersecurity-related matters.
• Conduct cybersecurity risk assessments, threat and vulnerability analysis, and perform security testing.
• Maintain cybersecurity risk register, including reporting and tracking of remediations.
• Develop communication materials for both technical and non-technical audiences as directed.
• Assist in developing cyber incident response plan, procedures and playbooks.
• Assist in designing, planning, and facilitating cyber security tabletop exercises to foster information-sharing and enhance cyber awareness with relevant stakeholders.
• Perform cyber incident response and recovery activities as required and assigned.
• Administer security awareness training exercises targeted to department staff members and regulated entities on cyber security best practices.
• Perform other duties as required.
Minimum Qualifications Non-Competitive: a bachelor’s degree and three years of IT auditing experience*; or an associate’s degree and five years of IT auditing experience*.
*IT auditing experience must have been gained in any one or combination of the following: an information system or audit professional with responsibility for designing, developing, and evaluating mainframe and server-based audit systems; an information system or audit professional with responsibility for designing and programming tests to perform audits of physical and logical access controls of mainframe and server-based systems; an information system or audit professional with responsibility for data extraction, manipulation and analysis using information from diverse sources, including preparation and presentation of written reports of findings suitable for a non-technical audience; and an information system or audit professional with responsibility for supporting an audit group, including developing and maintaining audit systems and identifying and providing data in support of audit activity.
Preferred Qualifications:
• Master’s degree in Cybersecurity, Risk Management, Information Systems, Health Information Management, Computer Science, or a related field.
• Certification in one or more of the following:
o Certified Information Systems Auditor (CISA)
o Certified Information Systems Security Professional (CISSP)
o (ISC)² Systems Security Certified Practitioner (SSCP)
o Certified in Risk and Information Systems Control (CRISC)
o Certified Information Security Manager (CISM)
o CompTIA Security+
o CEH: Certified Ethical Hacker
• Ability to work effectively in a team environment; highly organized, motivated, and self-directed.
• Knowledge of hardware, software, data, and network principles and systems related to health or public health sector.
• Understanding of commonly used computer operating systems, databases, network structures
• Familiarity with cybersecurity regulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO 27001/27002, CIS, OWASP Top 10)
• Investigative and analytical skills
• Excellent oral and written communication skills, including the ability to explain complex technical issues in plain language.
• Knowledge of the current and evolving cyber threat landscape.
• Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy.
Additional Comments This position is being recruited in both New York City and Albany; the position may be filled at either location.
This position may require travel throughout New York State including overnights to areas not served by public transportation.
We offer a work-life balance and a generous benefits package, worth 65% of salary, including:
• Holiday & Paid Time Off
• Public Service Loan Forgiveness (PSLF)
• Pension from New York State Employees’ Retirement System
• Shift & Geographic pay differentials
• Affordable Health Care options
• Family dental and vision benefits at no additional cost
• NYS Deferred Compensation plan
• Access to NY 529 and NY ABLE College Savings Programs, and U.S. Savings Bonds
• And many more...
The NYS Department of Health is committed to making New York a safer, healthier, and more equitable place to live. Understanding health equity, social determinants of health and health disparities is critical to accomplish our goal of eliminating health disparities. For more information on the NYS Department of Health’s Mission, Vision, Values and Strategic Plan, please visit: https://health.ny.gov/commissioner/index.htm
If you require reasonable accommodation to complete a job application, a job interview or to otherwise participate in the hiring process, please call 518-486-1812 or email doh.sm.reasonable.accommodation@health.ny.gov to make a request.
NYS Department of Health does not participate in E-Verify and does not sponsor visa applications.
For new State employees appointed to graded positions, the annual salary is the hiring rate (beginning of the Salary Range) of the position. Promotion salaries are calculated by the NYS Office of the State Comptroller in accordance with NYS Civil Service Law, OSC Payroll rules and regulations and negotiated union contracts.
Some positions may require additional credentials or a background check to verify your identity.
Name Human Resources Management Group
Email Address resume@health.ny.gov
Address
Street Corning Tower, Empire State Plaza, Room 2217
Notes on Applying Please submit your resume and cover letter as one (1) document, preferably in PDF format, by email to resume@health.ny.gov, with Reference EM/ISA1/23540/ALB included in the subject line or by mail to Human Resources Management Group, EM/ISA1/23540/ALB, Rm 2217, Corning Tower Building, Empire State Plaza, Albany, NY 12237-0012, or by fax to (518) 473-3395. Failure to include the required information may result in your resume not being considered for this position.

