Cybersecurity Compliance Analyst jobs in United States
cer-icon
Apply on Employer Site
company-logo

New York eHealth Collaborative · 3 months ago

Cybersecurity Compliance Analyst

positionAlbany or New York, NY, USA
timeFull-time
remoteHybrid
seniorityMid, Senior Level
money$70K/yr - $90K/yr
date5+ years exp

New York eHealth Collaborative (NYeC) is a not-for-profit organization focused on improving healthcare through health information exchange. The Cybersecurity Compliance Analyst will maintain and enhance NYeC’s information security and compliance posture, ensuring alignment with regulatory requirements and industry standards while collaborating across departments to assess risk and support audits.

Health CareInformation TechnologyNon Profit
check
H1B Sponsor Likelynote

Responsibilities

Support the ongoing HITRUST certification, including control implementation, documentation, and evidence gathering
Supports general security control documentation and evidence gathering for regulatory frameworks and industry standards
Participates in the creation/updating of enterprise security documents (policies, standards, baselines, guidelines and procedures)
Participates in the creation/updating of and monitoring compliance with NYeC’s Information Security Roadmap
Monitors and ensures timely completion and implementation of remediation activities resulting from all required security risk assessments and tests, whether performed by NYeC or third party assessors, including but not limited to HIPAA Security Risk Assessments and Business Continuity, Incident Response and Disaster Recovery plan testing
Drafts NYeC’s required reports and contractual deliverables related to information security
Ensures vendor contracts meet security requirements and benchmarks
Assists in responding to information system security incidents, including investigation, containment, and recovery from computer-based attacks, unauthorized access, and policy breaches
Analyzes and researches best practices in information security governance including organizational policies, procedures, standards, baselines and guidelines for the use and operation of information systems
Communicates security compliance requirements and updates to relevant stakeholders and departments
Supports additional security and compliance initiatives as needed
Other duties as assigned

Qualification

HITRUST certificationInformation Security policiesRisk managementHIPAA complianceCloud security controlsCybersecurity frameworksAudit supportCommunicationAttention to detailCollaboration skillsDocumentation skills

Required

Bachelor's degree in Information Security, Computer Science, or a related field
A minimum of 5 years in information security or risk management, with a focus on security operations highly preferred
Ability to research and draft information security policies and procedures, and recommend new information security technologies for implementation
Strong attention to detail and excellent documentation skills to support audit trails and compliance evidence
Experience supporting audits, certification assessments, and control documentation
Familiarity with implementing regulatory requirements, cybersecurity industry frameworks and standards (HITRUST, HIPAA, MARS-E, FFIEC, NIST, CIS 20 critical controls, PCI-DSS, ISO 27001, etc.)
Understanding of cloud security controls and compliance in AWS and/or Azure environments
Excellent communication skills and ability to collaborate across technical and non-technical teams
Must have the ability to be available after hours as needed
Must have the ability for occasional travel between NYeC offices as needed

Preferred

Advanced degree in relevant field of study such as Information Security, Business Administration, IT, or related field preferred
Familiarity with healthcare data exchange standards and technologies (e.g., HL7, FHIR, HIE environments) a plus
Working knowledge of cloud computing security principles; AWS, Azure
HITRUST Certified CSF Practitioner (CCSFP)
CISM (Certified Information Security Manager)
CRISC (Certified in Risk and Information Systems Control)
CISA (Certified Information Systems Auditor)
CompTIA Security+
CISSP (Certified Information Security System Professional)
ISO 27001 Lead Implementer / Lead Auditor
CGRC (Certified in Governance, Risk & Compliance – ISC²)

Company

New York eHealth Collaborative

twittertwittertwitter
company-logo
New York eHealth Collaborative is a not-for-profit working to improve healthcare for all New Yorkers through health information technology
dateFounded in 2006
location
New York, New York, USA
people-size11-50 employees
web-link
http://nyehealth.org/

H1B Sponsorship

New York eHealth Collaborative has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (2)
2024 (3)
2023 (1)
2022 (1)
2021 (2)
2020 (1)

Funding

Current Stage
Early Stage

Leadership Team

leader-logo
David Horrocks
CEO
linkedin
Company data provided by crunchbase