Public Health Solutions
Company Overview
Public Health Solutions (PHS) is a 501(c)(3) non‑profit community‑based organization with a 70‑year history of working to improve health equity and address health‑related social needs for historically underserved and marginalized communities. As the largest public health nonprofit serving New York City, PHS improves health outcomes by providing services directly to vulnerable families, supporting community‑based organizations through public‑private partnerships, and bridging the gap between health care and community services. We focus on public health issues including food and nutrition, health insurance, maternal and child health, sexual and reproductive health, tobacco control and HIV/AIDS. Learn more about our work at healthsolutions.org.
PHS administers WholeYouNYC (WYNYC), a coordinated community resource network that builds reliable pathways between health care providers, health plans and CBOs. WYNYC partners with over 100 organizations offering programs such as food, housing, employment, health insurance and sexual health services across all five boroughs. These services make it possible for New Yorkers to live their healthiest lives and ultimately reduce health disparities.
New York State recently announced $500M statewide to support Social Care Network (SCN) lead entities. PHS and WYNYC were awarded the role of regional SCN for Brooklyn, Manhattan and Queens. This position is grant‑funded, ending March 31, 2027.
Position Summary
The Information Security Manager serves as both a strategic leader and a hands‑on practitioner responsible for advancing the organization’s cybersecurity, risk management and compliance programs in accordance with NYS OHIP and HIPAA standards. The role provides day‑to‑day oversight of security operations, including monitoring, incident response and vulnerability management while also directly performing technical work within Microsoft 365, Azure and other enterprise systems. The Manager acts as a key liaison with the Security Operations Center (SOC), auditors and internal stakeholders to ensure the confidentiality, integrity and availability of organizational information and technology.
Essential Duties and Responsibilities
Governance, Risk and Compliance
Maintain compliance with NYS OHIP, HIPAA Security practices and related NYS cybersecurity requirements.
Lead internal and external security assessments, audits and certification readiness activities.
Develop, update and enforce security policies, standards and procedures in collaboration with IT leadership.
Track and document risk remediation, exceptions and corrective action plans; ensure closure within established timeframes.
Provide evidence and reporting for regulatory, contractual and audit purposes.
Security Operations (Hands‑On)
Actively monitor and investigate alerts from SIEM and threat detection platforms (e.g., Microsoft Sentinel, Stellar Cyber).
Perform hands‑on triage, forensic analysis and root cause determination for incidents in coordination with the SOC.
Manage and fine‑tune security configurations within Microsoft 365 Security & Compliance Center, including DLP, retention, threat protection and auditing.
Oversee Azure identity protection, conditional access and cloud resource security configurations.
Conduct periodic reviews of user privileges, MFA enforcement and system baselines.
Support vulnerability scanning, patch verification and endpoint protection efforts.
Leadership and Collaboration
Supervise Information Security Analysts and provide technical guidance, mentorship and workload prioritization.
Serve as an escalation point for incident response and compliance inquiries.
Partner with infrastructure, applications and compliance teams to align controls with organizational needs.
Coordinate with third‑party vendors, the SOC and auditors to support investigations, testing and reporting.
Prepare and present reports and risk metrics to the Director of IT and senior management.
Perform other duties as assigned.
Qualifications and Experience
Bachelor’s degree in information security, computer science or related field; or equivalent combination of education and experience.
Minimum of five (5) years of progressively responsible experience in information security or IT risk management, including at least two (2) years in a supervisory or lead capacity.
Hands‑on experience with Microsoft 365 Security & Compliance Center, Azure Security Center / Defender for Cloud, SIEM tools (e.g., Sentinel, Stellar Cyber) and incident response and forensic analysis.
Working knowledge of HITRUST, OHIP NYS and HIPAA compliance frameworks.
Strong ability to produce audit‑ready documentation, reports and technical summaries.
Excellent analytical, communication and organizational skills.
Preferred Qualifications
Certifications such as CISSP, CISM, Security+, Microsoft Certified: Security Operations Analyst Associate, or HITRUST CCSFP.
Experience in public health, nonprofit or other regulated environments.
Familiarity with NIST CSF, NIST SP 800‑53 and CIS Benchmarks.
Reports To: Deputy Director of Information Systems
Direct Reports: The position has no direct reports.
Benefits
Hybrid Work Schedule
Generous Paid Time Off and Holidays
Medical, Dental and Vision coverage
Flexible Spending Accounts and Commuter Benefits
Company‑Paid Life Insurance and Disability Coverage
403(b) with employer matching and discretionary company contributions
College Savings Plan
Ongoing training and continuous opportunities for professional growth and development
At PHS, we place immense value on diversity within our teams, understanding that varied backgrounds and experiences significantly enhance our community and propel us toward our goals. If you find you don’t have experience in all the areas listed above, we still encourage you to apply and share your background and experiences in your application. We are eager to discover how your unique perspective can bring positive transformations to our team and help advance our mission of creating healthier, more equitable communities.
PHS is proud to be an equal‑opportunity employer and encourages applications from women, people of color, persons with disabilities, LGBTQIA+ individuals and veterans.
Schedule: 9 am to 5 pm, 35 hours per week
Base pay range: $115,000.00/yr – $115,000.00/yr
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: Non‑profit Organizations