Sr. Security & Risk Management Consultant - NYC - Georgia IT Inc.
New York, NY
About the Job
Sr. Security & Risk Management Consultant
NYC
6 months +
Rate: Open
Client : NY city hospitals
This consulting position is responsible for managing the entire information security & risk management (ISRM) department, which comprises security engineering & operations, security architecture, application security, and incident response/forensics/threat research.
The candidate will provide oversight and direction to ensure that corporate information protection policies, processes, and safeguards are consistently applied to protect patient, employee, and proprietary confidential data.
This individual will act as a liaison and subject matter expert for the business units and senior management on matters regarding information security and compliance with HIPAA, Joint Commission, and NIST data security standards.
The candidate will be responsible for hiring and retaining top-notch security talent and will report directly to the Chief Information Security & Risk Officer.
Engagement Location, Hours and Duration:
The engagement will take place at our NYC location. During this engagement the consultant is expected to travel 10% of the time within the 5 boroughs of NYC.
Principal Duties and Responsibilities:
- Support the Chief Risk & Security Officer in the development and execution of risk management and risk communication strategies
- Provide strategic direction to all security departments that is aligned with corporate business objectives and regulatory requirements.
- Manage and mature the information security & risk management (ISRM) processes, program, and strategy, and align all activities with COBIT 5 security and risk management practices and the NIST Cybersecurity Framework.
- Collaborate with team members, peers and the business unit management team to determine technical information security requirements, planned remediation, and advocate for the program to gain resources to implement appropriate protection technologies and processes.
- Ensure continuous security compliance and monitoring
- Make proactive assessments of threat information inside and outside the public domain, understand each threat as it relates to HHC, and implement measures to combat it. Make technical risk-based decisions on a daily basis that have the potential to impact our client's ability to operate and communicate.
- Ensure data security controls for HHC are appropriate and operating as intended; this includes solutions that are directly controlled as well as security solutions operated by other internal and external groups.
- Provide weekly, monthly, and quarterly status reports to business managers and other management stakeholders that demonstrate the health of the program. Develop board-level metrics and key risk indicators on the overall state of the security posture, and demonstrate increasing maturity of the program.
- Drive effective delivery of multi-year, multi-million-dollar IT security projects to achieve the strategic and operational plans.
- Manage and mentor direct reports that will include security managers (Assistant Directors) as well as level 3 security architect/engineer/analysts
- Develop and manage security budget, secure funding for necessary security controls
- Build a security and risk aware culture
- Manage relationships with multiple vendors, New York State, DoH, FBI, HHS and OCR
- Respond to all IT security requests from internal and external auditors.
- Assist the Governance group in the development and refinement of technical security standards, key performance indicators and other necessary processes to maintain effective operational security, as it relates to HHC.
Requirements:
- Bachelor's degree in Information Systems required
- 10 years of hands on information security experience with at least 5 years as a lead/manager/department head leading a multi-disciplinary security department
- At least 3 years working in a regulated industry (healthcare preferred)
- A broad, enterprise-wide view of businesses and understanding of security strategy
- Experience with development of strategic IT security plan, goals and budgets
- Direct responsibility for the completion of multiple multi-year, enterprise-wide network, endpoint, and application security projects involving multiple vendors and other IT departments, while maintaining and managing daily operations
- Experience using project management tools to perform functions such as tracking project status, effort reporting, resource/capacity planning and prioritization
- Experience administering tools for services such as the following: anti-virus, vulnerability assessment and remediation, intrusion prevention systems (IPS), security information and event management (SIEM), log monitoring/correlation, security incident tracking, internal and external penetration testing, advanced firewalls and other network protection, endpoint workstation security protection, mobile device security, and encryption
- Knowledgeable of cloud and mobile device security requirements, risks and mitigation strategies.
- Ability to rapidly comprehend and interpret the functions and capabilities of new technologies.
- Thorough knowledge of the SDLC, the HIPAA Security Rule, COBIT, and NIST, and the ability to apply information security principles to business solutions.
- Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls
- Excellent written and verbal communication skills; interpersonal skills
- Must possess a high degree of integrity and trust along with the ability to work independently as well as motivate others
- CISSP, CISM, CRISC, GIAC, or other technical security certifications
Source : Georgia IT Inc.