Description:
As an associate consultant - security and privacy advisor, you will collaborate with team members to conceptualize, deliver, and support our clients through today’s ever-changing cybersecurity and data privacy landscape.
Serving as a security and data privacy advisor, your day-to-day role as a NYSTEC Consultant will be to support governance, risk, and compliance (GRC) efforts for major health IT programs by researching applicable state and federal policies and helping implement key security and privacy programs.
This position is expected to be performed primarily onsite in Albany, NY.
Key Responsibilities
- Supporting organizations with governance, risk, and compliance (GRC) activities in support of significant health information technology (HIT) programs.
- Performing research into state and federal policies that impact client compliance needs.
- Support the establishment of security and privacy awareness and training, incident response, disaster recovery, vulnerability management, and software development life cycle (SDLC) programs.
- Learning and applying knowledge of National Institute of Standards and Technology (NIST) 800-30 risk assessments, NIST 800-53 compliance assessments, and the NIST Cybersecurity Framework (CSF).
- Working with a team and with the client to ensure that their contractors adhere to all applicable security and privacy requirements — as included in federal and state law, regulation, policy, and contractual requirements.
About You
Required Qualifications
- Skills that cross multiple security and privacy domains — should be familiar with software development life cycle (SDLC), assessment of risk, data privacy, and able to understand the root causes of risks and to articulate how to mitigate in written and verbal communications to clients.
- Understanding of Health Insurance Portability and Accountability Act (HIPAA) security and privacy requirements.
- Understanding of NIST 800-53 security and privacy controls.
- Understanding the intersection of security and privacy.
- Excellent communication and writing skills.
- Willingness to seek knowledge and expertise through professional development within your specialty and follow up with action to improve quality and establish best practices.
Preferred/Desired Qualifications
- Knowledge of healthcare data sharing and protection.
- Knowledge of NYS and Federal policies that impact healthcare data