Job Description:
Visa status:
U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.
Duration: 6 months

Local Candidates Preferred
Travel: 10%
Bachelor's in Information Systems required
7 years of IT experience with at least 4 years dedicated to IT Security Audit/Assessment, Policy Development or Security Training
CISSP, CISM, CISA & CRISC or relevant security qualification

1. Engagement Description
Contract Labor Title: Support Services – IT Security Services/Security Administration – Not Epic Certified
Functional Title: Regional Information Security Officer (RISO)
We are seeking a qualified candidate for the position of Regional Information Security Officer (RISO) for a 6-month contract to permanent opportunity.
The RISO is part of the Enterprise Information Technology Services (EITS) Security & Operational Risk Management department and will work both within region and across all regions as necessary to ensure a consistent delivery of information security and risk management services. This individual will act as a liaison and subject matter expert to the assigned business units on matters regarding information security and compliance with HIPAA, Joint Commission, Payment Card Industry Data Security Standards, and state privacy laws.
Engagement Location, Hours and Duration:
The engagement will take place at our NYC location. During this engagement the consultant is expected to travel 10% within the five boroughs of NYC.
2. Principal Duties and Responsibilities
Support the Chief Risk & Security Officer in the development and execution of risk analysis and risk mitigation strategies
Oversee HIPAA Security protocols for a region
Develop information security policies and procedures as directed by the organization's Information Security Committee and in conjunction with HHC related policies
Conduct and participate in all relevant audits and risk assessment activities. Respond to requests from regulating bodies such as NYS, OCR, CMS and Joint Commission.
Aid in the planning and execution of risk remediation activities, including the identification of practical, cost-effective solutions
Serve as the information security liaison and subject matter expert for users of clinical, financial and administrative systems
Develop effective working relationships with business and clinical leadership to champion information security initiatives and provide strategic influence throughout the region
Attend regular team, management, and project meetings and provide both verbal and written reports to the CRSO and Leadership Team as required
Develop a security training and awareness program
Conduct new employee orientation and other security training sessions
Prepare communications to instruct staff about possible security issues
Participate in emergency preparedness and disaster recovery planning exercises
Keep informed on current threats and industry regulations
Work with site management and hospital security to coordinate periodic site walkthroughs to ensure compliance with HIPAA and security policies
Conduct and document investigations into potential privacy incidents and policy violations

3. Qualifications / Required Skills:
Bachelor's in Information Systems required
7 years of IT experience with at least 4 years dedicated to IT Security Audit/Assessment, Policy Development or Security Training
CISSP, CISM, CISA & CRISC or relevant security qualification
Good knowledge of HIPAA, Joint Commission, CMS, PCI DSS, and other regulatory legislation pertinent to the healthcare industry
Knowledge of and experience working with a GRC software tool; the RSAM software platform is preferred.
Healthcare industry experience preferred
Working knowledge of information security frameworks such as NIST and COBIT
Experience in conducting and responding to information security assessments and audits. Meaningful Use Risk Analysis experience preferred.
Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.
Ability to rapidly comprehend and interpret the functions and capabilities of new technologies.
Must possess a high degree of integrity and trust along with the ability to work independently