NYU Langone Health is a world-class, patient-centered, integrated academic medical center, known for its excellence in clinical care, research, and education. It comprises more than 200 locations throughout the New York area, including five inpatient locations, a children’s hospital, three emergency rooms and a level 1 trauma center. Also part of NYU Langone Health is the Laura and Isaac Perlmutter Cancer Center, a National Cancer Institute designated comprehensive cancer center, and NYU Grossman School of Medicine, which since 1841 has trained thousands of physicians and scientists who have helped to shape the course of medical history. For more information, go to nyulangone.org, and interact with us on LinkedIn, Glassdoor, Indeed, Facebook, Twitter, YouTube and Instagram.
We have an exciting opportunity to join our team as an IT Security Policies, Standards and Education Specialist.
This position reports to the Chief Information Security Officer and is responsible for developing, updating, and educating the workforce on IT Security policies, standards, and best practices to protect sensitive data and reduce organizational risk. These documents establish the framework for the Medical Center to comply with related industry standards and regulations (e.g., HIPAA, Meaningful Use, FISMA, PCI, FERPA). The IT Security Policies, Standards, and Education position is a vital and integral element of the security program. The role enhances, supports, and enables the technical information security controls by addressing human factors.
- Lead activities associated with the Information Security Policies and Standards documentation. This involves liaising with relevant employees from various parts of the organization and, in some cases, external/third party organizations in order to specify, commission, develop, review, approve, implement, and maintain the Information Security Policies and Standards documentation.
- Develop and execute a comprehensive cyber security training and awareness plan to ensure that relevant employees and third parties understand, acknowledge and ultimately fulfill their obligations defined in the security policies and standards, plus applicable laws, regulations and contractual commitments, and ethics.
- Keep abreast of regulatory and institutional requirements that may affect IT security policies, procedures, and standards; develop and maintain said documentation.
- Work with IT subject matter experts to ensure policies and standards reflect their procedures.
- Foster relationships with programs and departments across the NYU Langone Health environment to integrate cybersecurity education into training curriculums.
- Create and publish security-related communications to inform users of emerging threats and offer education on industry trends (e.g., two-factor authentication, DLP) affecting the security posture of the institution.
- Host location-based cybersecurity education fairs and events to establish a presence for IT Security across all clinical, research, and educational sites.
- Explore and manage various communication channels and models (including video, webinar, print, etc.) that can be leveraged to connect users to cybersecurity resources for both at work and at home.
- Update, manage, and enhance cybersecurity community webpage to keep users informed of important cyber notifications and well-connected to educational resources.
- Solicit input from MCIT leadership to identify and create targeted advanced trainings to enhance the security IQ of staff with specific skill sets and roles (e.g., developers, system administrators).
- Promote and foster a risk and security awareness culture and communicate best practices to business and IT contacts.
Formal Education & Certification
- Bachelor’s degree from an accredited college/university; Master’s degree from an accredited college/university preferred.
- CISSP – Certified Information Systems Security Professional (ISC2).
- CISA – Certified Information Systems Auditor.
- Other certifications preferred – CISM, ISO 27001 Auditor, LSS Green Belt, CRISC, CIPP, CGEIT or ITIL.
- Minimum 3-5 years of progressive experience in IT security policy and compliance management programs for healthcare or academic medical centers; interaction with and support of clients; risk management and other GRC responsibilities within a large healthcare organization.
- Demonstrated experience with IT security governance, security education, security scorecards, and ability to work under aggressive deadlines with competing priorities.
- Strong knowledge of laws, industry regulations, and standards that govern information security practices and frameworks (e.g., HIPAA, Meaningful Use, FISMA, FERPA, PCI).
- Knowledge of technology (e.g. firewalls, VPNs, servers, databases, cloud storage).
- Proven experience interacting with regulators, internal auditors and/or external auditors.
- Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, and ISO standards.
- Working knowledge of GRC tools such as Symantec CCS and Archer GRC.
- Proven experience leading and collaborating on high visibility projects in a large organization.
- Ability to support and work with business process owners to incorporate cybersecurity products and provisions into their processes.
- Ability to effectively prioritize and execute multiple assignments and tasks in a high-pressure environment.
- Excellent written, interpersonal, planning, and organizational skills.
- Ability to effectively communicate with senior management.
- Strong collaboration, negotiation, and mediation skills.
- Must possess a high degree of initiative, motivation, and problem-solving skills.
- Must be able to understand and resolve problems that involve trade-offs between security, regulation, cost containment, and timeliness.
- Ability to execute and think with a strong control and process mindset.
- Ability to research IT security issues and products as required.
- Ability to work independently and with other teams to troubleshoot problems.
- Keen attention to detail.
- Team-oriented and able to work within a collaborative environment.
Qualified candidates must be able to effectively communicate with all levels of the organization.
NYU Langone Health provides its staff with far more than just a place to work. Rather, we are an institution you can be proud of, an institution where you’ll feel good about devoting your time and your talents.
NYU Langone Health is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sex, sexual orientation, transgender status, gender dysphoria, national origin, age, religion, disability, military and veteran status, marital or parental status, citizenship status, genetic information or any other factor which cannot lawfully be used as a basis for an employment decision. We require applications to be completed online.
NYU Langone Health’s EEO policies and the Federal “EEO is the law” poster are available on request; the poster is also published at https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm, along with the Pay Transparency Notice.