Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 07/29/22

Applications Due08/26/22

Vacancy ID109565

AgencyHealth, Department of

TitleChief Information Security Officer - 95000

Occupational CategoryOther Professional Careers

Salary Grade662

Bargaining UnitM/C - Management / Confidential (Unrepresented)

Salary RangeFrom $91365 to $115490 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Workweek Mon-Fri

"Other" Explanation Evenings and weekends as needed.

Hours Per Week 37.5


From 9 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? Yes

Compressed workweek allowed? Yes

Telecommuting allowed? Yes

County Albany

Street Address Office of Quality and Patient Safety/Center for Health Data Innovation

Corning Tower, Empire State Plaza

City Albany


Zip Code12237

Minimum Qualifications Bachelor’s degree* and five years of information technology experience, including three years of information security or information assurance experience.
*Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications: Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).; Experience with All payer security and privacy requirements, as well as relevant National Institute of Standards and Technology (NIST) security standards and Security Policies & Standards required by CMS (Medicaid, Medicare, Children’s Health Insurance Program) such as MARS-E 2.0 SSP, NIST SP 800-111, NIST SP 800-53, HIPAA, HITECH, FIPS 140-2, FIPS199, etc; Excellent interpersonal, written, and verbal communications skills; Excellent analytical and problem-solving skills; Experience presenting to executives and leadership teams, with the ability to communicate security and risk-related concepts.

Duties Description The CISO 1 position will work within the Center for Health Data Innovation and will ensure essential security risk management, compliance and oversight of the All Payer Database (APD) and other data systems in Office of Quality and Patient Safety (OQPS). Because the APD integrated with multiple independent systems and supported by multiple vendors, the CISO 1 will be responsible for overseeing a growing portfolio of systems that support transfer, intake, processing, and storing, of health care information.

The CISO 1 will be responsible for overseeing the implementation of State and national cyber security standards and policies in the APD; implementing security controls to ensure the confidentiality, integrity, and availability of the NYS data in the APD; and coordinating risk assessment analysis, vulnerability remediation and cyber incident response to the APD, Statewide Planning and Research Cooperative System (SPARCS), Vital Statistics (VS), Medicaid Data Mart, Health Data NY programs, data intake systems, and public and commercial health insurance program enrollment and term segment information, and COVID Registry.

Duties include, but are not limited to:
- Develop, maintain, and assure information security and risk management, and compliance with policies, standards, protocols and best practices and create and facilitate cyber security risk assessment processes, including oversight and reporting on remediation efforts for APD and other associated systems in OQPS.
- Collaborate with OQPS program managers to identify and understand the information assets in APD that support critical business functions and manage related cybersecurity risks in a manner consistent with the OQPS’s overall cybersecurity risk management strategy and business objectives.
- Ensure APD security and privacy controls are implemented to comply with all applicable New York State Security Policies & Standards; relevant National Institute of Standards and Technology (NIST) security standards and Security Policies & Standards as required by CMS (Medicaid, Medicare, Children’s Health Insurance Program) and to ensure compliance required to retain federal funding of the APD;
- Ensure compliance with a system security plan (SSP) that meets national standards and policies (such as CMS’ Minimum Acceptable Risk Standards for Exchanges (MARS-E) Version 2.0 SSP, NIST Special Publication (SP) 800-111, NIST SP 800-53, Health Insurance Portability and Accountability Act (HIPAA) Compliance, Health Information Technology for Economic and Clinical Health (HITECH) Act, FIPS 140-2 compliance, Federal Information Processing Standard (FIPS) Publication 199, etc.);
- Oversee the coordination between the OQPS programs, the New York State Office of Information Technology Services (NYS ITS), and vendors, in Information Security Risk Assessment; Plan of Action, Vulnerability Remediation, Disaster Recovery and Incident Response
- Ensure required OQPS/APD security policy documents are developed, updated, and maintained as systems evolve and expand to accommodate needs and requirements;
- Ensure supporting OQPS/APD procedure documentation is in place defining account management, system monitoring, and support services of the APD environment (combination of vendors, OQPS, and NYS ITS documentation);
- Ensure applicable OQPS personnel, ranging from support staff to technical and executive staff, have been trained on security policies & procedures;
- Perform full range of supervisory responsibilities and other duties as assigned."

Additional Comments Benefits of Working for NYS
Generous benefits package, worth 65% of salary, including:
Holiday & Paid Time Off
• Thirteen (13) paid holidays annually
• Up to Thirteen (13) days of paid vacation leave annually
• Up to Five (5) days of paid personal leave annually
• Up to Eight (8) days of paid sick leave annually for M/C
• Up to three (3) days of professional leave annually to participate in professional development

Health Care Benefits
• Eligible employees and dependents can pick from a variety of affordable health insurance programs
• Family dental and vision benefits at no additional cost

Additional Benefits
• New York State Employees’ Retirement System (ERS) Membership
• NYS Deferred Compensation
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
• Public Service Loan Forgiveness (PSLF)
• And many more..

*Work hours and telecommuting availability (50% maximum) for this position will be discussed during the interview process, and are subject to operational needs and the telecommuting application process

Candidates should be prepared to provide their degree/transcript upon interview

Some positions may require additional credentials or a background check to verify your identity.

Name Human Resources Management Group - LAK/95000/CISO

Telephone 5184861812

Fax (518)473-3395

Email Address


Street Human Resources Management Group, -

Room 2217, Corning Tower, ESP

City Albany

State NY

Zip Code 12237


Notes on ApplyingSubmit resume, preferably in PDF format, by email to, with Reference LAK/95000/CISO included in the subject line or by mail to Human Resources Management Group, LAK/95000/CISO Rm 2217, Corning Tower Building, Empire State Plaza, Albany, NY 12237-0012, or by fax to (518) 473-3395. Failure to include the required information may result in your resume not being considered for this position. Resumes will be accepted through August 26, 2022

Printable Version