New York State Technology Enterprise Corporation (NYSTEC) · 2 weeks ago
Senior Consultant - Cybersecurity Compliance Analyst
NYSTEC is a nonprofit technology consulting company that has been advising various organizations since 1996. The Senior Consultant will collaborate with team members to support clients in assessing and securing cloud-based solutions, APIs, and AI technologies while providing cybersecurity subject matter expertise and program operations support.
Charity · Information Technology · Non Profit
Responsibilities
Integrating identity and access management, such as NY.Gov ID, into client system initiatives
Preparing and delivering summaries, reports, and presentations to communicate complex technical security and privacy information, and make actionable recommendations to both technical and nontechnical stakeholders
Assisting with developing and maturing API and AI security standards
Coordinating with the web and application security testing team
Ensuring regulatory compliance with the Health Insurance Portability and Accountability Act (HIPAA), Centers for Medicare & Medicaid Services (CMS) Acceptable Risk Safeguards (ARS), New York State standards and policies, and National Institute of Standards and Technology (NIST) Special Publication 800-53
Conducting security compliance assessments
Preparing security documentation and policies
Supporting audits and CMS reviews
Qualification
Required
Excellent work ethic, critical thinking, analytic, and problem-solving skills
Clear and concise written and verbal communication skills
Diplomacy and stakeholder relationship development and management skills
Sound operational technical background
Knowledge of, and experience with, implementing NIST 800-53 controls and an understanding of the IT security processes behind those controls
Ability to assess IT risk in a client's environment and a desire to learn NIST 800-30 style risk assessments
One or more of the following cybersecurity certifications: CISSP, CCSP, CISM, CISA, GSEC, or CompTIA Security+
A bachelor's degree and five to seven years of experience in an operational or information security role
An equivalent combination of advanced education, training, and experience (e.g., relevant classwork or outside training and security certifications) may be considered
Preferred
Skills across multiple security domains
Experience with privacy programs, requirements, and controls
Knowledge of the New York State Medicaid program, its systems, data, and uses
Expertise in public health, health information, or security and privacy policies and standards, such as NIST 800-53 and CMS ARS
Expertise with identity and access systems and modern protocols, such as Security Assertion Markup Language (SAML), Open Authorization (OAuth), OpenID Connect, multi-factor authentication (MFA), etc.
Experience with vulnerability assessments of cloud services and infrastructure
Familiarity with the secure software development life cycle (SSDLC) and technologies and the causes of vulnerabilities
Ability to articulate risk and mitigation strategies to clients in written and verbal communications
A background in software development or system administration
Company
New York State Technology Enterprise Corporation (NYSTEC)
For more than 30 years, NYSTEC has provided independent advisory services to our government partners.
Funding
Current Stage
Growth Stage