Cybersecurity Compliance Analyst

NEW YORK EHEALTH COLLABORATIVE INC | Albany, NY
86d | $70,000 - $110,000

About The Position

New York eHealth Collaborative (NYeC) is a not-for-profit organization working in partnership with the New York State Department of Health to improve healthcare by collaboratively leading, connecting, and integrating health information exchange across the State. Founded in 2006 by healthcare leaders, NYeC works to help New York State achieve the Triple Aim of improving the patient experience of care, delivering better health outcomes, and reducing costs. On behalf of the State, NYeC leads the Statewide Health Information Network for New York (SHIN-NY), a network connecting healthcare providers statewide, develops policies and standards that support the utilization of health technologies, and assists healthcare providers in adopting and effectively using electronic health records.

NYeC is seeking a Cybersecurity Compliance Analyst to play a key role in maintaining and strengthening NYeC’s information security and compliance posture within a healthcare data exchange environment. This role ensures that security controls, policies, and practices align with regulatory requirements, industry standards, and frameworks. The analyst collaborates across departments to assess risk, support audits, and drive continuous improvement in cybersecurity and compliance processes.

This role can be operated out of our Albany, NY or Manhattan, NY office on a hybrid schedule.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • A minimum of 5 years in information security or risk management, with a focus on security operations highly preferred.
  • Ability to research and draft information security policies and procedures, and recommend new information security technologies for implementation.
  • Strong attention to detail and excellent documentation skills to support audit trails and compliance evidence.
  • Experience supporting audits, certification assessments, and control documentation.
  • Familiarity with implementing regulatory requirements, cybersecurity industry frameworks and standards (HITRUST, HIPAA, MARS-E, FFIEC, NIST, CIS 20 critical controls, PCI-DSS, ISO 27001, etc.).
  • Understanding of cloud security controls and compliance in AWS and/or Azure environments.
  • Excellent communication skills and ability to collaborate across technical and non-technical teams.
  • Familiarity with healthcare data exchange standards and technologies (e.g., HL7, FHIR, HIE environments) a plus.
  • Working knowledge of cloud computing security principles; AWS, Azure.
  • Must have the ability to be available after hours as needed.
  • Must have the ability for occasional travel between NYeC offices as needed.

Nice To Haves

  • HITRUST Certified CSF Practitioner (CCSFP)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CompTIA Security+
  • CISSP (Certified Information Systems Security Professional)
  • ISO 27001 Lead Implementer / Lead Auditor
  • CGRC (Certified in Governance, Risk & Compliance – ISC²)

Responsibilities

  • Supports the ongoing HITRUST certification, including control implementation, documentation, and evidence gathering.
  • Supports general security control documentation and evidence gathering for regulatory frameworks and industry standards.
  • Participates in the creation/updating of enterprise security documents (policies, standards, baselines, guidelines and procedures).
  • Participates in creating and updating NYeC’s Information Security Roadmap and in monitoring compliance with it.
  • Monitors and ensures timely completion and implementation of remediation activities resulting from all required security risk assessments and tests.
  • Drafts NYeC’s required reports and contractual deliverables related to information security.
  • Ensures vendor contracts meet security requirements and benchmarks.
  • Assists in responding to information system security incidents, including investigation, containment, and recovery from computer-based attacks, unauthorized access, and policy breaches.
  • Analyzes and researches best practices in information security governance including organizational policies, procedures, standards, baselines and guidelines for the use and operation of information systems.
  • Communicates security compliance requirements and updates to relevant stakeholders and departments.
  • Supports additional security and compliance initiatives as needed.
  • Other duties as assigned.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: Bachelor's degree
  • Number of Employees: 51-100 employees
