Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 02/02/26

Applications Due 02/16/26

Vacancy ID 208648

NY HELP No

Agency Health, Department of - Helen Hayes Hospital

Title Project Coordinator - Information Security - 93707

Occupational Category I.T. Engineering, Sciences

Salary Grade NS

Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF)

Salary Range From $103784 to $127830 Annually

Employment Type Full-Time

Appointment Type Temporary

Jurisdictional Class Competitive Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 40

Workday

From 8 AM

To 4:30 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? No

County Rockland

Street Address Helen Hayes Hospital

51-55 Rte. 9W North

City West Haverstraw

State NY

Zip Code 10993

Duties Description This position will matrix report to the Project Director and DOH Chief Information Security Officer (CISO) within the Office of Health Information Management (OHIM). In coordination with the Department CISO, the Project Coordinator will serve as Information Security Officer and will implement cybersecurity controls required by the NYS Title 10, Section 405.46 - Hospital Cybersecurity Requirements of the Health Insurance Portability and Accountability Act (HIPAA) and other relevant regulations at Helen Hayes Hospital. They will serve as subject matter expert in multiple areas of cybersecurity, such as incident response, digital forensics, risk assessments, digital identity management, and state and federal compliance requirements. The Project Coordinator may be responsible for supervising staff, assigning tasks, writing performance and probationary evaluations, conducting interviews, and hiring staff.

The Project Coordinator will also be responsible for the facility’s information, security incident response, risk and compliance, and cyber governance. They will also support the implementation and improvement of information security incident response plans and reports. They will investigate alleged information security violations, refer cases to entities like NYS Cyber Command or law enforcement as required, and respond to external investigation requests. They will perform analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provide remediation recommendations. Duties include: Implementation of information security and compliance programs; participation in the development, interpretation, review and communication of information security regulations, policies, procedures, and standards; monitoring of security compliance information, and improvement recommendations; support of the implementation of information security procedures and protocols and participate in security risk reviews and remediation activity, including producing written reports; collaboration with internal and external partners to address information security issues; planning and conducting outreach programs and activities to increase cybersecurity awareness; tracking and reporting on all security-related project portfolio tasks; support management in the resolution of security threats to agency and facility information systems; participation in information security risk analysis and risk management processes with business and IT units; review vulnerability scanning and analysis reports to help determine the scope of risk and prioritization of remediation; collect and maintain a risk register, including reporting and tracking of remediation; monitoring of external data sources to maintain the currency of threat conditions and their potential impact on the enterprise. 
The Project Coordinator will also participate in the identification and modeling of new threat scenarios to provide proactive defensive measures to technical teams for mitigation of risk and will disseminate threat and vulnerability intelligence products. They will participate in the continuous monitoring and protection of technology resources and determine events that require investigation and response.

In addition, the Project Coordinator will design, plan, and facilitate cybersecurity tabletop exercises to foster information sharing and enhance cyber awareness with stakeholders; conduct post-exercise after-action analysis, reporting, and assessment; develop recommendations; and design future exercises to validate improvements.

The Project Coordinator will evaluate systems and contracts for alignment with agency and State security policies; review contracts, service level agreements, memorandum of understanding language, and other documents to verify that they meet information security needs and requirements that align with facility, agency, and State security policies; provide information security expertise, advice, and recommendations to agency executives on a broad range of information security matters; and act as an information security leader on projects and initiatives to ensure security by design through the implementation of the Secure Systems Development Lifecycle (SSDLC).
The Project Coordinator will monitor information security trends, tools, and techniques; they will keep abreast of relevant laws and regulations that could affect the security controls and classification of information assets and communicate legal and regulatory requirements; conduct research, administer, and utilize specialized cybersecurity tools, techniques, and procedures; represent the agency at internal and external information security meetings and conferences to maintain awareness and evaluate the applicability of the latest information security techniques and tools to the agency’s security program; participate in the creation and maintenance of dashboards and reports that present information security data in an intuitive manner.

Minimum Qualifications A bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience, including two years of information security or information assurance experience**.

*Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.

**Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications: The preferred candidate will have a master’s degree in cybersecurity, risk management, information systems, health information management, computer science, or a related field; a minimum of 3 years of experience in cybersecurity, cyber risk assessment, cyber incident response, or auditing IT systems. The preferred candidate should possess a certification in one or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), (ISC)2 Systems Security Certified Practitioner (SSCP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), CompTIA Security+, CEH: Certified Ethical Hacker. They should have the ability to work effectively in a team environment; they should be highly organized, motivated, and a self-directed professional. Additionally, the candidate should demonstrate strong analytical skills and a deep understanding of security frameworks and risk management practices. Excellent communication abilities are essential, as the role will involve collaborating with various stakeholders to implement and maintain security policies. They should have knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services. They should also have a thorough understanding of commonly used computer operating systems, databases, and network structures; they should have familiarity with cybersecurity regulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO27001/27002, or CIS); and have investigative and analytical skills. They should possess excellent oral and written communication skills, including the ability to explain complex technical issues in plain language; knowledge of the current and evolving cyber threat landscape; and knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy.

Additional Comments This is a full-time temporary project appointment for a period of 18 months.

Degrees awarded from educational institutions outside of the United States or its territories must be independently verified for equivalency. Please see https://www.cs.ny.gov/jobseeker/degrees.cfm for additional information.

We offer a work-life balance and a generous benefits package, worth 65% of salary, including:

• Holiday & Paid Time Off
• Public Service Loan Forgiveness (PSLF)
• Pension from New York State Employees’ Retirement System
• Shift & Geographic pay differentials
• Affordable Health Care options
• Family dental and vision benefits at no additional cost
• NYS Deferred Compensation plan
• Access to NY 529 and NY ABLE College Savings Programs, and U.S. Savings Bonds
• And many more...

The NYS Department of Health is committed to making New York a safer, healthier, and more equitable place to live. Understanding health equity, social determinants of health and health disparities is critical to accomplish our goal of eliminating health disparities. For more information on the NYS Department of Health’s Mission, Vision, Values and Strategic Plan, please visit: https://health.ny.gov/commissioner/index.htm

If you require reasonable accommodation to complete a job application, a job interview or to otherwise participate in the hiring process, please contact by phone 518-486-1812 or email doh.sm.reasonable.accommodation@health.ny.gov to make a request.

NYS Department of Health does not participate in E-Verify and does not sponsor visa applications.

For new State employees appointed to graded positions, the annual salary is the hiring rate (beginning of the Salary Range) of the position. Promotion salaries are calculated by the NYS Office of the State Comptroller in accordance with NYS Civil Service Law, OSC Payroll rules and regulations and negotiated union contracts.

Some positions may require additional credentials or a background check to verify your identity.

Name Human Resources

Telephone 845-786-4215

Fax 845-786-4783

Email Address human.resources@helenhayeshosp.org

Address

Street Helen Hayes Hospital

51-55 Rte. 9W

City West Haverstraw

State NY

Zip Code 10993

 

Notes on Applying Please submit your resume and cover letter as one (1) document, preferably in PDF format, by email to human.resources@helenhayeshosp.org, with Reference Project Coordinator Information Security Officer 93707 included in the subject line or by mail to Human Resources, Helen Hayes Hospital, Bldg 22, 51-55 Rte 9W, West Haverstraw, NY 10993, or by fax to (845) 786-4783. Failure to include the required information may result in your resume not being considered for this position.
