IT Security Risk Manager

MetroPlusHealth provides the highest quality healthcare services to residents of Bronx, Brooklyn, Manhattan, Queens and Staten Island through a comprehensive list of products, including, but not limited to, New York State Medicaid Managed Care, Medicare, Child Health Plus, Exchange, Partnership in Care, MetroPlus Gold, Essential Plan, etc. As a wholly-owned subsidiary of NYC Health + Hospitals, the largest public health system in the United States, MetroPlusHealth's network includes over 27,000 primary care providers, specialists and participating clinics. For more than 30 years, MetroPlusHealth has been committed to building strong relationships with its members and providers to enable New Yorkers to live their healthiest life.

Position Overview 

Collaborates with IT Security management in the development of enterprise Security assessment tools and policy and procedures. Assesses information risk and facilitates remediation of identified vulnerabilities with the organization, systems and applications and vendors. Reports on findings and recommendations for corrective action.

• Collaborates with IT Security management in the development of enterprise Security assessment tools and policy and procedures. 
• Performs vulnerability assessments as assigned utilizing I.T. Security tools and methodologies.  Summarizes risk posture across the organization or within specific business units.
• Identifies opportunities to reduce organizational risk, detects and remediates vulnerabilities and ensures compliance and audit readiness.
• Makes recommendations for corrective action and documents management decisions regarding acceptance or mitigation of risk scenarios.
• Facilitates and monitors performance and compliance of risk remediation tasks.  Reports on findings.
• Liaises with organization partners and vendors regarding the security maintenance of their systems and applications.
• Creates and presents changes related to risk mitigation to Change Authorization Board (CAB), as needed.
• Provides weekly status on projects, including outstanding issues and progression.
• Participates in the development of ‘security awareness’ education and training, as necessary.
• Performs related duties, as required.

• Bachelor’s Degree in Information Security, Audit or related field, and five (5) years progressively responsible information security assessment or audit experience, required or High School Diploma or equivalent, and eight (8) years progressively responsible information technology risk management experience, required.
• Thorough knowledge and understanding of current information risk assessment techniques is required for this position.
• Familiarity with Federal and State compliance regulations including HIPPA, PCI-DSS and NYSDFS, required.
• Strong interpersonal and communication skills
• Experience in a healthcare environment, preferred.
• Certified in at least one (1) of the following:
  • Certified in Risk and Information Systems Control (CRISC); Highly desirable
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA), Security+, Global Information Assurance Certification (GIAC) or related certification

Professional Competencies

• Integrity and Trust
• Customer Focus
• Functional/Technical skills
• Written/Oral Communication

#LI-Hybrid