New York Blood Center

Director Information Security

New York Blood Center, Rye, New York, United States


Founded in 1964, New York Blood Center (NYBC) has served the tri‑state area for more than 60 years, delivering 500,000 lifesaving blood products annually to 150+ hospitals, EMS and healthcare partners. NYBC is part of New York Blood Center Enterprises (NYBCe), which spans 17+ states and delivers one million blood products to 400+ U.S. hospitals annually. NYBCe additionally delivers cellular therapies, specialty pharmacy, and medical services to 200+ research, academic and biopharmaceutical organizations. NYBC’s Lindsley F. Kimball Research Institute is a leader in hematology and transfusion medicine research, dedicated to the study, prevention, treatment and cure of bloodborne and blood‑related diseases. NYBC serves as a vital community lifeline dedicated to helping patients and advancing global public health.

Responsibilities

Lead and coordinate enterprise incident response activities, including investigation, containment, eradication, recovery, and lessons learned for all security events and breaches.

Develop and maintain incident response playbooks, tabletop exercises, and metrics to continuously improve detection and response capabilities.

Oversee the Information Security team’s daily operations, ensuring effective monitoring, alerting, and escalation for threats, vulnerabilities, and suspicious activity.

Partner with Network and Infrastructure teams to strengthen security architecture, enhance system resiliency, and ensure secure configuration management.

Implement and enforce security standards, controls, and procedures in alignment with organizational and regulatory requirements.

Conduct and direct security risk assessments, vulnerability management programs, and remediation efforts.

Develop and maintain business continuity and disaster recovery plans in collaboration with IT Infrastructure and Business Continuity teams.

Collaborate with internal and external stakeholders to manage third‑party risk assessments, ensuring vendors meet enterprise security standards.

Support ongoing compliance with applicable cybersecurity frameworks (e.g., NIST, HIPAA, PCI, ISO 27001) and organizational policies.

Provide leadership in security awareness and training programs for employees, focusing on cyber hygiene, phishing prevention, and data protection.

Report regularly on key security metrics, incident trends, and program improvements to the Executive Director and senior IT leadership.

Support enterprise information security operations within a 24/7 environment, maintaining availability to respond to security incidents, operational needs, or emergencies.

Contribute to enterprise‑wide IT governance, risk, and compliance efforts.

Recommend enhancements to security tools, systems, and processes.

Participate in professional development and industry networking activities to maintain current knowledge of emerging threats and best practices.

Perform other related duties as assigned.

Qualifications

Education

Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or a related field required.

Master’s Degree preferred.

Experience

Minimum of 8–10 years of experience in information security or related IT disciplines, with at least two (2) years of team leadership or supervisory experience.

Demonstrated experience in incident response, vulnerability management, or enterprise security operations is required.

Licenses / Certification

One or more of the following certifications is strongly preferred: CISSP, CISM, CISA, GIAC (GCIH, GCIA, or GCFA), CEH, or PMP.

Knowledge

Deep understanding of information security principles, frameworks, and best practices.

Working knowledge of threat detection, analysis, and response tools (e.g., SIEM, EDR, IDS/IPS).

Familiarity with network security, cloud security, and system hardening practices.

Understanding of risk management methodologies and compliance standards (NIST CSF, HIPAA, PCI, ISO).

Skills

Cultural competency and the ability to communicate effectively in a culturally sensitive manner with both individuals and groups from diverse backgrounds.

Strong leadership and team management skills, including coaching and performance development.

Skilled in strategic planning and execution of operational security initiatives.

Exceptional written and verbal communication skills, with the ability to brief executives clearly.

High attention to detail and ability to handle confidential and sensitive information responsibly.

Strong project management and organizational skills, with the ability to prioritize multiple initiatives.

Abilities

Excellent analytical, problem‑solving, and decision‑making abilities.

Ability to manage complex security incidents and communicate technical issues in business terms.

Ability to collaborate effectively across cross‑functional teams and external partners.

Demonstrated ability to work in a fast‑paced, dynamic environment and respond quickly to emerging threats.

Any combination of education, training and experience equivalent to the requirements above that has supplied the necessary knowledge, skills, and experience to perform the essential functions of the job.

Salary

Base pay range: $190,000.00/yr - $200,000.00/yr
