Information Security Risk Analyst
Performs information security risk assessments of applications, hardware, hosted/cloud solutions and third party vendors; audits the computer network defense to identify relevant threats; coordinates with other departments for security remediation projects; is involved in reviews of incidents and breaches and develops solutions and recommendations as to the corrective actions for security issues; assists in internal design and effectiveness audits; participates in policy review; and strengthens and improves Roswell Park’s information security posture and ensures regulatory compliance with the Health Information Portability and Accountability Act (HIPAA), National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI) standards.
The applicant must have a Bachelor’s degree in Computer Science or a related field and two years of full-time experience in Information Security, or a Bachelor’s degree in Information Security or a related field. The preferred candidate will have an Information Security related certification (e.g. Security , ISC2 Associate, GIAC Security Essentials (GSEC), Certified Ethical Hacker (CEH)), knowledge of HIPAA or other industry regulations and experience in analyzing security of a system or vendor.
Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor’s Office of Employee Relations at (518) 474-6988 or via email at email@example.com.