New York State Department of Health · 11 hours ago
Project Coordinator - Information Security - 93707
The New York State Department of Health is focused on enhancing health security and compliance. They are seeking a Project Coordinator to implement cybersecurity controls, supervise staff, and manage information security incident responses while ensuring compliance with relevant regulations.
Health Care
Responsibilities
Serve as Information Security Officer and implement cybersecurity controls required by the NYS Title 10, Section 405.46 - Hospital Cybersecurity Requirements of the Health Insurance Portability and Accountability Act (HIPAA) and other relevant regulations at Helen Hayes Hospital
Serve as subject matter expert in multiple areas of cybersecurity, such as incident response, digital forensics, risk assessments, digital identity management, and state and federal compliance requirements
Supervise staff, assign tasks, write performance and probationary evaluations, conduct interviews, and hire staff
Responsible for the facility’s information, security incident response, risk and compliance, and cyber governance
Support the implementation and improvement of information security incident response plans and reports
Investigate alleged information security violations, refer cases to entities like NYS Cyber Command or law enforcement as required, and respond to external investigation requests
Perform analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provide remediation recommendations
Implementation of information security and compliance programs
Participation in the development, interpretation, review and communication of information security regulations, policies, procedures, and standards
Monitoring of security compliance information, and improvement recommendations
Support of the implementation of information security procedures and protocols and participate in security risk reviews and remediation activity, including producing written reports
Collaboration with internal and external partners to address information security issues
Planning and conducting outreach programs and activities to increase cybersecurity awareness
Tracking and reporting on all security-related project portfolio tasks
Support management in the resolution of security threats to agency and facility information systems
Participation in information security risk analysis and risk management processes with business and IT units
Review vulnerability scanning and analysis reports to help determine the scope of risk and prioritization of remediation
Collect and maintain a risk register, including reporting and tracking of remediation
Monitoring of external data sources to maintain the currency of threat conditions and their potential impact on the enterprise
Participate in the identification and modeling of new threat scenarios to provide proactive defensive measures to technical teams for mitigation of risk and disseminate threat and vulnerability intelligence products
Participate in the continuous monitoring and protection of technology resources and determine events that require investigation and response
Design, plan, and facilitate cybersecurity tabletop exercises to foster information sharing and enhance cyber awareness with stakeholders
Conduct post-exercise after-action analysis, reporting, and assessment; develop recommendations; and design future exercises to validate improvements
Evaluate systems and contracts for alignment with agency and State security policies
Review contracts, service level agreements, memorandum of understanding language, and other documents to verify that they meet information security needs and requirements that align with facility, agency, and State security policies
Provide information security expertise, advice, and recommendations to agency executives on a broad range of information security matters
Act as an information security leader on projects and initiatives to ensure security by design through the implementation of the Secure Systems Development Lifecycle (SSDLC)
Monitor information security trends, tools, and techniques; keep abreast of relevant laws and regulations that could affect the security controls and classification of information assets and communicate legal and regulatory requirements
Conduct research, administer, and utilize specialized cybersecurity tools, techniques, and procedures
Represent the agency at internal and external information security meetings and conferences to maintain awareness and evaluate the applicability of the latest information security techniques and tools to the agency’s security program
Participate in the creation and maintenance of dashboards and reports that present information security data in an intuitive manner
Qualification
Required
A bachelor's degree with at least 15 credit hours in cyber security, information assurance, or information technology
Three years of information technology experience, including two years of information security or information assurance experience
Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify
Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis
An associate's degree requires an additional two years of general information technology experience
Experience solely in information security or information assurance may substitute for the general information technology experience
Preferred
A master's degree in cybersecurity, risk management, information systems, health information management, computer science, or a related field
A minimum of 3 years of experience in cybersecurity, cyber risk assessment, cyber incident response, or auditing IT systems
Possess a certification in one or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), (ISC)2 Systems Security Certified Practitioner (SSCP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), CompTIA Security+, Certified Ethical Hacker (CEH)
Ability to work effectively in a team environment
Highly organized, motivated, and self-directed professional
Strong analytical skills and a deep understanding of security frameworks and risk management practices
Excellent communication abilities
Knowledge of hardware, software, data, and network principles and systems related to private and/or public sector services
Thorough understanding of commonly used computer operating systems, databases, and network structures
Familiarity with cybersecurity regulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO27001/27002, or CIS)
Investigative and analytical skills
Excellent oral and written communication skills, including the ability to explain complex technical issues in plain language
Knowledge of the current and evolving cyber threat landscape
Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy
Benefits
Holiday & Paid Time Off
Public Service Loan Forgiveness (PSLF)
Pension from New York State Employees’ Retirement System
Shift & Geographic pay differentials
Affordable Health Care options
Family dental and vision benefits at no additional cost
NYS Deferred Compensation plan
Access to NY 529 and NY ABLE College Savings Programs, and U.S. Savings Bonds
And many more...
Company
New York State Department of Health
To protect, improve and promote the health, productivity and well-being of all New Yorkers.