IT Risk Management Specialist
County Hwy-3 Melville, NY 11747
Position: IT Risk Management Specialist - 012
Location: Melville, NY
In the role of I.T. Risk Management Analyst, you will collaborate with IT Security management in the development of enterprise Security assessment tools and policy and procedures. You will assess information risk and facilitate remediation of identified vulnerabilities with the Health System' s Enterprise network, systems and applications. Lastly, you will report on findings and recommendations for corrective action.
Job Responsibilities Include:
- Collaborates with IT Security management in the development of enterprise Security assessment tools and policy and procedures.
- Performs vulnerability assessments as assigned utilizing I.T. Security tools and methodologies. Summarizes risk posture across the Health System or within specific business units.
- Identifies opportunities to reduce risk within the Health System, detects and remediates vulnerabilities and ensures compliance and audit readiness.
- Makes recommendations for corrective action and documents management decisions regarding acceptance or mitigation of risk scenarios.
- Facilitates and monitors performance and compliance of risk remediation tasks. Reports on findings.
- Liaises with Health System' s partners and vendors regarding the security maintenance of their systems and applications.
- Creates and presents changes related to risk mitigation to Change Authorization Board, as needed.
- Provides weekly status on project status, including outstanding issues.
- Participates in the development of ' security awareness' education and training, as necessary.
- High School Diploma or equivalent, required and minimum of eight (8) years progressively responsible information technology risk management experience, required.
- Bachelor' s Degree in Information Security or Audit or related field, required.
- Minimum of five (5) years progressively responsible information security assessment or audit experience, required. Healthcare environment, preferred.
- Certified in at least one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Security+, Global Information Assurance Certification (GIAC) or related certification, required.
- Thorough knowledge and understanding of current information risk assessment techniques, required.
- Familiarity with Federal and State compliance regulations including HIPPA, PCI-DSS and Meaningful Use, required.
- Strong interpersonal and communication skills and the ability to work with all levels of management, required.
- Project management skills, required.