Information Security Risk Manager/HIPAA Security Officer

Post #
Roswell Park Comprehensive Cancer Center
Information Security
Full-time; Days
Roswell Park offers a competitive salary and comprehensive benefits package.
Description of Duties

The Information Security Risk Manager/HIPAA Security Officer contributes to the security of Roswell Park by participating in or overseeing:
• Development of policies and procedures to prevent, detect, contain and correct breaches of ePHI and other sensitive information
• Development and implementation of training programs
• Internal policy and control audits
• Annual and ongoing Security Risk Assessments based on industry best practices and on compliance with the Security Rule's Technical, Physical and Administrative Safeguards
• The third-party risk management program
• Internal risk assessments of new systems and applications
• Proposal, development and implementation of measures to reduce risks and vulnerabilities to a reasonable and appropriate level
• Incident management
• The security of the technical aspects of Business Associate relationships
• Compliance with PCI DSS and other regulations as applicable
• Supervision of other members of the Risk Management team, and engagement with other members of the Information Security Team
The Information Security Risk Manager/HIPAA Security Officer is also responsible for awareness of facility security as it relates to ePHI and the existence of a Disaster Recovery Plan. The Information Security Risk Manager/HIPAA Security Officer will work with users, technical groups, vendors, consultants, and Internal Auditors to accomplish the above. This person must be able to develop and implement flexible security solutions, dictated by the needs of a hybrid and rapidly evolving business environment. The individual must be a results-oriented person who can achieve tangible improvements in the corporate security arena. Excellent technical and communications skills are a must, as well as proven security leadership experience.


Applicants must possess a Bachelor’s degree in Computer Science, Information Systems or a related field and the equivalent of ten years of full-time experience with information-security-related hardware, software and processes, including threat intelligence and cybersecurity procedures, and systems administration of Microsoft Windows, Unix and/or mainframe technologies. The preferred candidate will possess a CISSP, CRISC or equivalent security certification and/or extensive experience with IT security regulations, policies, procedures, systems and tools. The preferred candidate will also possess excellent written and verbal communication skills and the ability to prioritize and manage multiple tasks and projects in a complex environment.

Pursuant to Executive Order 161, no State entity, as defined by the Executive Order, is permitted to ask, or mandate, in any form, that an applicant for employment provide his or her current compensation, or any prior compensation history, until such time as the applicant is extended a conditional offer of employment with compensation. If such information has been requested from you before such time, please contact the Governor’s Office of Employee Relations at (518) 474-6988 or via email at