Consultant - Health Information Technology Security Compliance Consultant

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.

As a consultant in the Cybersecurity and Data Privacy practice, you will collaborate closely with other team members to support our clients in today's rapidly evolving privacy landscape. Our clients consider NYSTEC to be a trusted privacy program advisor, as we provide subject matter expertise and program operations support for our clients.

Serving as a health information technology security compliance consultant, your day-to-day role as a NYSTEC consultant will involve supporting our client and the Statewide Health Information Network for New York (SHIN-NY) program with security compliance initiatives and activities.

This is a hybrid opportunity based in Albany, NY. Qualified candidates should reside within a commutable distance to Albany, NY.

• Supporting organizations with governance, risk, and compliance (GRC) activities in support of significant health information technology (HIT) programs.
• Providing support for establishing security awareness and training, incident response, disaster recovery, vulnerability management, and software development life cycle (SDLC) programs.
• Learning and applying knowledge of National Institute of Standards and Technology (NIST) 800-30 risk assessments, NIST 800-53 compliance assessments, and the NIST Cybersecurity Framework (CSF).
• Working with a team and with the client to ensure that their contractors adhere to all applicable security and privacy requirements - as included in federal and state law, regulation, policy, and contractual requirements.

• Skills that cross multiple security domains - should be familiar with the software development life cycle (SDLC), assessing risk, and able to understand the root causes of vulnerabilities and to articulate those in written and verbal communications to clients.
• Understanding of Health Insurance Portability and Accountability Act (HIPAA) security and privacy requirements.
• Understanding of NIST 800-53 controls.
• Knowledge of the NIST CSF.
• Excellent communication and writing skills.
• Knowledge of NIST 800-30 style risk assessments.
• Knowledge of Health Information Trust Alliance (HITRUST) certification.

• A certified information systems security professional (CISSP) or other skill-specific security certification.

• A bachelor's degree in a related field of study with one year of experience.
• An equivalent combination of advanced education, training, and experience will be considered.

The target base salary for this position is $73,476 - $95,518 per year. When determining compensation, we analyze and carefully consider several factors, including skill set, experience, location, and job-related qualifications.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.