New York eHealth Collaborative

New York eHealth Collaborative is hiring: Cybersecurity Compliance Analyst in Ci

New York eHealth Collaborative, City of Albany, NY, United States

Pay Range

This range is provided by New York eHealth Collaborative. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

  • $70,000.00/yr - $90,000.00/yr
  • Manhattan, NY based candidate: $85,000 - $110,000
  • Albany, NY based candidate: $70,000 - $90,000

Position Summary

NYeC is seeking a Cybersecurity Compliance Analyst to play a key role in maintaining and strengthening NYeC’s information security and compliance posture within a healthcare data exchange environment. This role ensures that security controls, policies, and practices align with regulatory requirements, industry standards, and frameworks. The analyst collaborates across departments to assess risk, support audits, and drive continuous improvement in cybersecurity and compliance processes.

The role can be operated out of our Albany, NY or Manhattan, NY office on a hybrid schedule.

Primary Responsibilities

  • Supports the ongoing HITRUST certification, including control implementation, documentation, and evidence gathering.
  • Supports general security control documentation and evidence gathering for regulatory frameworks and industry standards.
  • Participates in the creation/updating of enterprise security documents (policies, standards, baselines, guidelines and procedures).
  • Participates in creating and updating NYeC’s Information Security Roadmap and in monitoring compliance with it.
  • Monitors and ensures timely completion and implementation of remediation activities resulting from all required security risk assessments and tests, including HIPAA Security Risk Assessments and Business Continuity, Incident Response and Disaster Recovery plan testing.
  • Drafts NYeC’s required reports and contractual deliverables related to information security.
  • Ensures vendor contracts meet security requirements and benchmarks.
  • Assists in responding to information system security incidents, including investigation, containment, and recovery from computer-based attacks, unauthorized access, and policy breaches.
  • Analyzes and researches best practices in information security governance, including organizational policies, procedures, standards, baselines and guidelines for the use and operation of information systems.
  • Communicates security compliance requirements and updates to relevant stakeholders and departments.
  • Supports additional security and compliance initiatives as needed.
  • Other duties as assigned.

Experience and Skills

  • Bachelor’s degree in Information Security, Computer Science, or a related field. Advanced degree preferred.
  • A minimum of 5 years in information security or risk management, with a focus on security operations highly preferred.
  • Ability to research and draft information security policies and procedures, and recommend new information security technologies for implementation.
  • Strong attention to detail and excellent documentation skills to support audit trails and compliance evidence.
  • Experience supporting audits, certification assessments, and control documentation.
  • Familiarity with implementing regulatory requirements, cybersecurity industry frameworks and standards (HITRUST, HIPAA, MARS-E, FFIEC, NIST, CIS 20 critical controls, PCI-DSS, ISO 27001, etc.).
  • Understanding of cloud security controls and compliance in AWS and/or Azure environments.
  • Excellent communication skills and ability to collaborate across technical and non-technical teams.
  • Familiarity with healthcare data exchange standards and technologies (e.g., HL7, FHIR, HIE environments) a plus.
  • Working knowledge of cloud computing security principles; AWS, Azure.
  • Must be available after hours as needed.
  • Must be able to travel between NYeC offices as needed.

Preferred Certifications

  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CompTIA Security+
  • CISSP (Certified Information Systems Security Professional)
  • CGRC (Certified in Governance, Risk & Compliance – ISC²)

Expectations of Employees

  • Employees work a hybrid in-office schedule and are expected to work from the office at least 1 day per week.
  • Must be able to travel between Manhattan and Albany as required.

SENIORITY LEVEL

  • Associate

EMPLOYMENT TYPE

  • Full-time

JOB FUNCTION

  • Information Technology, Administrative, and Research

INDUSTRIES

  • Hospitals and Health Care, Technology, Information and Media, and Data Infrastructure and Analytics

Benefits

  • Medical insurance
  • Vision insurance
  • 401(k)
  • Paid maternity leave
  • Paid paternity leave
  • Tuition assistance
  • Disability insurance

For more information about NYeC and to apply for this position, visit our website at https://www.nyehealth.org/careers/. We accept online applications only.
