Information Technology Security Analyst

Description : The Consultant will provide guidance and support in cybersecurity compliance, risk assessments, and secure system development. Perform security reviews, information classification, and vulnerability management. Coordinate remediation efforts and escalate security concerns per established protocols.

Required Skills :

• 36 Months experience in a non-operational Healthcare Information Security / Risk Management position.
• 36 Months experience performing formal IT risk assessment in a corporate / enterprise environment exceeding 20 locations and 10,000 employees.
• 36 Months experience supporting audit response activities based on NIST 800-53 controls.
• 36 Months experience coordinating and tracking web application scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the web application scanning.
• 36 Months experience coordinating and tracking infrastructure scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the infrastructure scanning.
• 24 Months experience working with Business Units to perform Information Classification.
• 18 months experience utilizing NYS ITS Information Security Policy (NYS-P03-002) and associated NYS ITS security policies and standards for the purpose of protecting and maintaining the confidentiality, integrity, and availability of information; managing the risk of security exposure or compromise; and ensuring a secure and stable information technology (IT) environment.
• Active Certified in Risk and Information Systems Control (CRISC) certification.
• Active Certified Information Systems Security Professional (CISSP) certification.
• Active Certified Information Security Manager (CISM) certification.