NYU Langone Health is a world-class, patient-centered, integrated academic medical center, known for its excellence in clinical care, research, and education. It comprises more than 200 locations throughout the New York area, including five inpatient locations, a children’s hospital, three emergency rooms and a level 1 trauma center. Also part of NYU Langone Health is the Laura and Isaac Perlmutter Cancer Center, a National Cancer Institute¿designated cancer center, and NYU School of Medicine, which since 1841 has trained thousands of physicians and scientists who have helped to shape the course of medical history. For more information, go to nyulangone.org, and interact with us on Facebook, Twitter, YouTube and Instagram.
We have an exciting opportunity to join our team as a Governance, Risk and Compliance (GRC) Manager, Information Security.
This position reports to the Chief Information Security Officer and is responsible for designing, implementing, managing, and overseeing the Information Security Risk Assessment process and procedures to ensure NYULH compliance with related regulations and industry requirements (i.e., HIPAA, Meaningful Use, FISMA, PCI, etc). The incumbent is expected to be fully aware of the enterprises security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.
- Mentor and develop staff members and create a positive work environment that supports engagement with others.
- Lead and direct a small team in the security assessment process. Set clear goals and expectations that accomplish objectives.
- Leverage information on current threats to focus business and IT attention on emerging risk themes and issues.
- Promote a risk aware culture and communicate best practices to business and IT contacts.
- Review key audit and regulatory findings and develop and communicate risk themes and solutions to them.
- Review security and control processes along with associated documentation and reporting.
- Contribute to quarterly reports to MCIT Business-Partners on their respective application, infrastructure, and third party risk postures.
- Develop and maintain key relationships with core teams in order to provide advice and oversight on new initiatives.
- Provide expert and complex level advisories on NYULMC IT Risk framework, policies, standards and guidelines and contribute to their development where appropriate.
- Provide technical and best practice guidance to remediate IT risks taking into account specific complexities of each business unit.
- Advise and assist project teams regarding compensating control alternatives where security requirements cannot be met.
- Manage a team and perform information security risk assessments of existing and new technology solutions as well as third parties. Oversee and track the remediation plans for all identified risks.
- Must have a Bachelors degree from an accredited college/university.
- Minimum six years of progressive experience in leading security and compliance management programs; interactions with and support of clients; risk management and other GRC responsibilities within a large IT organization, preferably within a professional services firm or similar.
- Demonstrated experience with managing information security functions, including governance, frameworks, processes, tools, scorecards, and dashboards under aggressive deadlines and with competing priorities.
- Knowledge of industry regulations and standards (e.g. HIPAA, Meaningful Use, FISMA, PCI) as well as core technology infrastructure (e.g. firewalls, vpns, servers, databases, Internet technologies).
- Proven experience interacting with regulators, internal auditors and/or external auditors.
- Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, and ISO standards
- Working knowledge of GRC tools such as Symantec CCS, Archer GRC, Modulo Risk Manager.
- Certification requirements: CISSP, CISM, CISA, ISO 27001 Auditor, LSS Green Belt, or CRISC.
- Masters degree from an accredited college/university preferred.
- Ability to effectively prioritize and execute multiple assignments and tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and shows initiative. Ability to work independently and with other teams when needed to troubleshoot problems.
- Capacity to learn new software and become proficient to provide support.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
Qualified candidates must be able to effectively communicate with all levels of the organization.
NYU Langone Health provides its staff with far more than just a place to work. Rather, we are an institution you can be proud of, an institution where you’ll feel good about devoting your time and your talents.
NYU Langone Health is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sex, sexual orientation, transgender status, gender dysphoria, national origin, age, religion, disability, military and veteran status, marital or parental status, citizenship status, genetic information or any other factor which cannot lawfully be used as a basis for an employment decision.
We require applications to be completed online.
If you wish to view NYU Langone Health’s EEO policies, please click here. Please click here to view the Federal “EEO is the law” poster or visit https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm for more information. To view the Pay Transparency Notice, please click here.