Corning Tower, Empire State Plaza
Minimum Qualifications: Bachelor’s degree* and five years of information technology experience, including three years of information security or information assurance experience.
*Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.
Preferred Qualifications: Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA); experience with All Payer security and privacy requirements, as well as relevant National Institute of Standards and Technology (NIST) security standards and Security Policies & Standards required by CMS (Medicaid, Medicare, Children’s Health Insurance Program) such as MARS-E 2.0 SSP, NIST SP 800-111, NIST SP 800-53, HIPAA, HITECH, FIPS 140-2, FIPS 199, etc.; excellent interpersonal, written, and verbal communication skills; excellent analytical and problem-solving skills; experience presenting to executives and leadership teams, with the ability to communicate security and risk-related concepts.
Duties Description: "The CISO 1 position will work within the Center for Health Data Innovation and will ensure essential security risk management, compliance and oversight of the All Payer Database (APD) and other data systems in the Office of Quality and Patient Safety (OQPS). Because the APD is integrated with multiple independent systems and supported by multiple vendors, the CISO 1 will be responsible for overseeing a growing portfolio of systems that support the transfer, intake, processing, and storage of health care information.
The CISO 1 will be responsible for overseeing the implementation of State and national cyber security standards and policies in the APD; implementing security controls to ensure the confidentiality, integrity, and availability of the NYS data in the APD; and coordinating risk assessment analysis, vulnerability remediation and cyber incident response for the APD, the Statewide Planning and Research Cooperative System (SPARCS), Vital Statistics (VS), the Medicaid Data Mart, Health Data NY programs, data intake systems, public and commercial health insurance program enrollment and term segment information, and the COVID Registry.
Duties include, but are not limited to:
- Develop, maintain, and assure information security and risk management, and compliance with policies, standards, protocols and best practices and create and facilitate cyber security risk assessment processes, including oversight and reporting on remediation efforts for APD and other associated systems in OQPS.
- Collaborate with OQPS program managers to identify and understand the information assets in APD that support critical business functions and manage related cybersecurity risks in a manner consistent with the OQPS’s overall cybersecurity risk management strategy and business objectives.
- Ensure APD security and privacy controls are implemented to comply with all applicable New York State Security Policies & Standards; relevant National Institute of Standards and Technology (NIST) security standards and Security Policies & Standards as required by CMS (Medicaid, Medicare, Children’s Health Insurance Program) and to ensure compliance required to retain federal funding of the APD;
- Ensure compliance with a system security plan (SSP) that meets national standards and policies (such as CMS’ Minimum Acceptable Risk Standards for Exchanges (MARS-E) Version 2.0 SSP, NIST Special Publication (SP) 800-111, NIST SP 800-53, Health Insurance Portability and Accountability Act (HIPAA) Compliance, Health Information Technology for Economic and Clinical Health (HITECH) Act, FIPS 140-2 compliance, Federal Information Processing Standard (FIPS) Publication 199, etc.);
- Oversee the coordination between the OQPS programs, the New York State Office of Information Technology Services (NYS ITS), and vendors in Information Security Risk Assessment, Plan of Action, Vulnerability Remediation, Disaster Recovery and Incident Response;
- Ensure required OQPS/APD security policy documents are developed, updated, and maintained as systems evolve and expand to accommodate needs and requirements;
- Ensure supporting OQPS/APD procedure documentation is in place defining account management, system monitoring, and support services of the APD environment (combination of vendors, OQPS, and NYS ITS documentation);
- Ensure applicable OQPS personnel, ranging from support staff to technical and executive staff, have been trained on security policies & procedures;
- Perform the full range of supervisory responsibilities and other duties as assigned."
Additional Comments: Candidates should be prepared to provide their degree/transcript upon interview.
Work hours and telecommuting availability (50% maximum) for this position will be discussed during the interview process, and are subject to operational needs and the telecommuting application process.
Some positions may require additional credentials or a background check to verify your identity.
Room 2217, Corning Tower, ESP
Notes on Applying: Submit resume, preferably in PDF format, by email to firstname.lastname@example.org, with Reference LAK/95000/CISO included in the subject line, or by mail to Human Resources Management Group, LAK/95000/CISO, Rm 2217, Corning Tower Building, Empire State Plaza, Albany, NY 12237-0012, or by fax to (518) 473-3395. Failure to include the required information may result in your resume not being considered for this position. Resumes will be accepted through June 17, 2022.