Security Engineer

Need Locals to be new york with State client experience

Primary Duties Include:

• Oversees and participates in creation of and updating organizational policies aligned to the cybersecurity needs of the organization, best practices, and regulatory requirements; heavy focus on NYS Hospital Cybersecurity Regulation but inclusive of others such as HIPAA, NIST CSF and PCI.
• Works closely with control owners and internal and external auditors to ensure requests are completed in time.
• Assists with evaluating the information security program's effectiveness by developing, monitoring, gathering, tracking, and analyzing information security and compliance metrics for management.
• Creating, maintaining, communicating, and tracking information security policies, procedures/ SOP, and other documentations.
• Prepares for and facilitates assessments by qualified security assessors for regulations such as HIPAA, NIST CSF and NYS Hospital Cybersecurity Regulation.
• Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that Roswell Park meets both the requirements and intent of its regulatory and compliance obligations.
• Facilitates the remediation of control gaps and escalates critical issues to leadership.
• Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
• Develops mechanisms to align with the adoption and usage of current and emerging regulations including HIPAA, NIST CSF and NYS Hospital Cybersecurity Regulation.
• Work with SMEs to interpret and translate controls into remediation items.
• Lead and manage IT cybersecurity compliance project from initiation through closure and post-mortem.

Knowledge, Skills, and Abilities

Knowledge of:

• Excellent technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.)
• Applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
• Policy, procedure, SOP advisory.
• Information systems auditing, monitoring, controlling, and assessment process.
• Incident response management.
• Penetration Testing, Vulnerability Management.
• Business Continuity and Disaster Recovery.
• Risk assessment and management methodology.

Skills in:

• Developing and implementing enterprise governance, risk, and compliance strategy and solutions.
• Information technology and cybersecurity project management, planning, and execution.
• Time and task management.
• Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions.
• Using judgment and ingenuity in maintaining objectives and technical standards.

Ability to:

• Effectively communicate technical issues to diverse audiences, both in writing and verbally.
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
• Evaluate and update and/or revise program materials.
• Comprehend technical background and confer, analyze, and write in an objective, lucid manner.
• Work as part of a team and/or independently and prioritize multiple task