Cybersecurity Compliance Specialist

About the Role

The Consultant will provide guidance and support in cybersecurity compliance, risk assessments, and secure system development.

Main Responsibilities:

• Perform security reviews, information classification, and vulnerability management.
• Coordinate remediation efforts and escalate security concerns per established protocols.

Requirements:

• ~36 Months experience in a non-operational Healthcare Information Security /Risk Management position.
• ~36 Months experience performing formal IT risk assessment in a corporate/enterprise environment exceeding 20 locations and 10,000 employees.
• ~36 Months experience supporting audit response activities based on NIST 800-53 controls.
• ~36 Months experience coordinating and tracking web application scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the web application scanning.
• ~36 Months experience coordinating and tracking infrastructure scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the infrastructure scanning.
• ~24 Months experience working with Business Units to perform Information Classification.
• ~18 months experience utilizing NYS ITS Information Security Policy (NYS-P03-002) and associated NYS ITS security policies and standards for the purpose of protecting and maintaining the confidentiality, integrity, and availability of information; managing the risk of security exposure or compromise; and ensuring a secure and stable information technology (IT) environment.
• ~ Active Certified in Risk and Information Systems Control (CRISC) certification.
• ~ Active Certified Information Systems Security Professional (CISSP) certification.
• ~ Active Certified Information Security Manager (CISM) certification.