Apply on Employer Site

New York State Department of Health · 7 hours ago

Information Systems Auditor (Cybersecurity Analyst) - 23540

New York, NY

Full-time

Onsite

Mid Level

$87K/yr - $110K/yr

3+ years exp

New York State Department of Health is focused on enhancing public health and safety through robust cybersecurity measures. The role involves assisting in the development of the DOH Cybersecurity Program and providing expertise in information security, risk assessments, and compliance initiatives.

HealthcareHealth Care

Work & Life Balance

No H1B

Responsibilities

Assist in developing DOH Cybersecurity Program in alignment with regulatory requirements and industry best practices

Assist in developing DOH cybersecurity Governance, Risk and Compliance (GRC) Initiatives

Assist in developing cybersecurity regulation, policies, standards, and best practices for DOH and DOH’s regulated entities

Serve as an information security expert and evaluate systems and contracts for alignment with agency and State information security policies

Serve as information security expert and advise and provide assistance to DOH programs in cybersecurity related matters

Conduct cybersecurity risk assessments, threat and vulnerability analysis, and perform security testing

Maintain cybersecurity risk register, including reporting and tracking of remediations

Develop communication materials for both technical and non-technical audiences as directed

Assist in developing cyber incident response plan, procedures and playbooks

Assist in designing, planning, and facilitating cyber security tabletop exercises to foster information-sharing and enhance cyber awareness with relevant stakeholders

Perform cyber incident response and recovery activities as required and assigned

Administer security awareness training exercises targeted to department staff members and regulated entities on cyber security best practices

Perform other duties as required

Qualification

Cybersecurity Program DevelopmentCybersecurity Risk AssessmentInformation Security PoliciesCyber Incident ResponseCISA CertificationCISSP CertificationCRISC CertificationCompTIA Security+Cybersecurity Regulations KnowledgeAnalytical SkillsCommunication SkillsTeamworkOrganizational Skills

Required

a bachelor's degree and three years of IT auditing experience; or an associate's degree and five years of IT auditing experience

IT auditing experience must have been gained in any one or combination of the following: an information system or audit professional with responsibility for designing, developing, and evaluating mainframe and server-based audit systems; an information system or audit professional with responsibility for designing and programming tests to perform audits of physical and logical access controls of mainframe and server-based systems; an information system or audit professional with responsibility for data extraction, manipulation and analysis using information from diverse sources, including preparation and presentation of written reports of findings suitable for non-technical audience; and an information system or audit professional with responsibility for supporting an audit group, including developing and maintaining audit systems and identifying and providing data in support of audit activity

Preferred

Master's degree in Cybersecurity, Risk Management, Information Systems, Health Information Management, Computer Science, or a related field

Certification in one or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), (ISC)2 Systems Security Certified Practitioner (SSCP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), CompTIA Security+, CEH: Certified Ethical Hacker

Ability to work effectively in a team environment - Being highly organized, motivated and a self-directed professional

Knowledge of hardware, software, data, and network principles and systems related to health or public health sector

Understanding of commonly used computer operating systems, databases, network structures

Familiarity with cybersecurity regulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO 27001/27002, CIS, OWASP Top 10)

Investigative and analytical skills

Excellent oral and written communication skills, including the ability to explain complex technical issues in plain language

Knowledge of the current and evolving cyber threat landscape

Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy

Benefits

Holiday & Paid Time Off

Public Service Loan Forgiveness (PSLF)

Pension from New York State Employees’ Retirement System

Shift & Geographic pay differentials

Affordable Health Care options

Family dental and vision benefits at no additional cost

NYS Deferred Compensation plan

Access to NY 529 and NY ABLE College Savings Programs, and U.S. Savings Bonds

And many more...

Company

New York State Department of Health

Glassdoor3.9

To protect, improve and promote the health, productivity and well-being of all New Yorkers.

Founded in 1901

Albany, New York, USA

5001-10000 employees

https://health.ny.gov/

Funding

Current Stage

Late Stage

Leadership Team

Amy Gildemeister

Associate Director of Nutrition Policy and Partnership

Lindsay Redmond

Administrative Assistant to Medicaid CFO

Recent News

Central New York Business Journal

Community Wellness Partners awarded $2.6 million grant to launch PACE program

2025-12-06

Central New York Business Journal

State awards Le Moyne College $5 million for graduate students pursuing health-care degrees

2025-09-26

Morningstar.com

ALPD: New York Outbreak Highlights Need for Comprehensive Solutions that begin at the Source

2025-08-26

Company data provided by crunchbase