Information Security Analyst

New York eHealth Collaborative: Information Security Analyst

New York eHealth Collaborative (NYeC) is a not-for-profit organization working in partnership with the New York State Department of Health to improve healthcare by collaboratively leading, connecting, and integrating health information exchange across the State.

Founded in 2006 by healthcare leaders, NYeC works to help New York State achieve the Triple Aim of improving the patient experience of care, delivering better health outcomes, and reducing costs. On behalf of the State, NYeC leads the Statewide Health Information Network for New York (SHIN-NY), a network connecting healthcare providers statewide, develops policies and standards that support the utilization of health technologies, and assists healthcare providers in adopting and effectively using electronic health records.

NYeC is propelling healthcare forward by facilitating the use of new and innovative technologies that will improve patient care. Healthcare is currently undergoing an unprecedented transformation through a digital health revolution – do you want to be at the epicenter of it?

Employees must be fully vaccinated in accordance with NYeC’s policy before beginning employment with NYeC and present proof prior to their start date, unless they have requested and been granted an exemption or accommodation (based on disability/medical condition or a sincerely-held religious belief).

Position Summary:

The Information Security Analyst will play a crucial role in maintaining the security posture of NYeC by identifying vulnerabilities, monitoring for security incidents, and implementing security measures to protect our systems and data. The role will provide security and technical guidance to identify and assist in establishing practices and system configurations that ensure the safety of information systems assets and protect information systems from intentional or inadvertent access or destruction. This role works directly with the Information Security Engineer to monitor, analyze and audit information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports. The Information Security Analyst will work across all teams to ensure that cybersecurity risk gaps are identified and effective security controls are implemented to address risks.

This role will be based out of our Albany, NY or Manhattan, NY office. This role reports to the Information Security Engineer and HIPAA Security Officer. 

At this time, this role has a hybrid work schedule. All staff are required to work in the office 1 day per week (currently Tuesdays). There are then 30 additional in-person days that are expected each year on top of the 1 day required per week. Stakeholder visits, all staff meeting days, development days, and conference attendance count towards the additional 30 days. This schedule is subject to change.

Primary Responsibilities:

• Assists in implementing new information security systems and controls to deliver risk-prioritized solutions for multiple platforms and a diverse systems environment (e.g., company-wide, distributed, client server systems, cloud, and web applications);
• Monitors network and system logs for suspicious activities, analyzes security incidents, and responds promptly to mitigate potential threats;
• Utilizes existing information security solutions to establish and continuously improve processes that will include systematically analyzing IT events, notifying critical personnel, conducting impact assessments, reporting incidents, recommending countermeasures and tracking effectiveness;
• Collaborates with project teams, business unit constituents and other stakeholders, including third-party vendors, to conduct information security assessments, solutions development and vendor risk assessments, ensuring accountability for the appropriate balance of risk reduction, cost, resources, delivery and customer experience;
• Partners with the Information Security Engineer to perform technical analysis on a wide range of information security issues and tasks, with a focus on the organization’s security-related log files, including identification, ingestion, and parsing of log sources while monitoring and responding to alerts. Monitors operation of security systems such as firewalls, DNS logs, and intrusion detection and prevention systems;
• Participates in the response to information security incidents by gathering data and artifacts relevant to the event. Communicates response activities to stakeholders and facilitates eradications and recovery if needed and in accordance with the organization’s policies and procedures;
• Supports Information Security Engineer and CISO to provide technical expertise and support to customers, and IT staff in security assessments, implementation and operational aspects of appropriate information security procedures and solutions;
• Maintains an awareness of existing and proposed security standards, State and Federal legislation and regulations, and how they will affect the IT environment;
• Researches additional security solutions or enhancements to existing security solutions to improve overall enterprise security;
• Participates in the creation/updating of enterprise security documents (policies, standards, baselines, guidelines and procedures);
• Monitors and ensures timely completion and implementation of remediation activities related to security assessments;
• Assists team in drafting NYeC’s required reports and contractual deliverables related to information security;
• In coordination with the CISO and Information Security Engineer, assist with the development and administration of information security training and awareness programs;
• Performs other related duties and projects as assigned or requested, to help meet the overall mission and vision of Information Security.

Experience and Skills:

• Bachelor's degree (Cybersecurity, Information Security, Computer Science, or Information Systems preferred), or equivalent work experience in a technical environment;

• At least 3 years of experience in Cloud platforms with a focus on Security (AWS highly preferred) and achievement of a professional level certification with Amazon required (AWS Security highly preferred);
• Experience with Amazon Snowflake, is preferred.

• Possession of security certification(s) highly preferred: CISSP, CISM, SSCP, CEH, Security+, GSEC, etc;
• At least 3 years of experience in the field of information technology with a focus in security operations highly preferred;
• Knowledge of networking, firewall, IDS/IPS and VPN systems;
• Knowledge of vulnerability management;
• Knowledge of SIEM and system monitoring;
• Knowledge of IAM technologies (Directories, OIM, SSO, SCIM, etc.);
• Experience with HITRUST highly preferred; Experience with GRC and compliance frameworks such as NIST, ISO, PCI, etc., preferred;
• Excellent analytical and problem-solving abilities to identify and recommend solutions for security risks;
• Ability to build understanding and awareness of security issues throughout the organization;
• Ability to effectively work as part of a team to develop security solutions in collaboration with core information technology team;
• Must be available to participate in off-hours monitoring schedule. Must be able to quickly respond to problems affecting systems security, occasionally requiring work outside normal business hours (i.e. weekends, evenings or early mornings) as needed;

• Must have an ability to travel between NYeC offices as needed, up to 20% of the time as needed.

We consider a wide range of factors when determining compensation, which may cause compensation to vary depending on your skills, experience, qualifications, and home office location (Manhattan, NY vs. Albany, NY). The annual base salary range for this role for an Albany based candidate is $65,000 - $80,000. The annual base salary range for this role for a NYC based candidate is $80,000 – $100,000. The salary offer will not be based on a candidate’s salary history at other jobs, and by law, NYeC will not seek information about salary history, and candidates should not share such information with NYeC. All compensation questions and comments should be directed to the HR Department representative during your application, interview, and hiring process.

NYeC is an Equal Opportunity Employer. We are dedicated to building a diverse, inclusive, and authentic workplace, so if you are excited about this role but your past experience doesn't align perfectly with everything listed in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

For more information about NYeC and to apply for this position, visit our website at https://www.nyehealth.org /careers/. We accept online applications only. If you need to request an accommodation or need any assistance completing this job application, please reach out to hr@nyehealth.org for assistance. NYeC is an EOE/Minorities/Females/Vet/Disabled.