Lead IT Security Analyst
NYU Langone Hospitals
- New York, New York, United States
About
Position Summary
Lead IT Security Analyst.
This position reports to the IT Controls & Regulatory Compliance Manager and serves as a senior individual contributor and subject matter expert responsible for leading enterprise risk assessments and evaluating the security of modern technology environments, including cloud-based platforms. The IT Controls Lead drives the design, execution, and continuous improvement of the organization’s risk assessment program to ensure compliance with regulatory and industry requirements, including HIPAA, HITRUST, PCI DSS, and FISMA. This role partners closely with IT, Security, Clinical, Research, and Compliance stakeholders to assess risk across enterprise systems, research technologies, and cloud infrastructure, and to ensure that security controls are appropriately designed and operating effectively.
Enterprise Risk Assessment Leadership
Lead the execution and maturation of the enterprise risk assessment program aligned to regulatory and industry frameworks
Conduct and oversee complex risk assessments, including HIPAA and HITRUST‑aligned evaluations
Define and maintain risk assessment methodologies, scoring models, and standards
Identify, analyze, and document risks, and develop actionable remediation strategies
Cloud Security & Technology Risk Evaluation
Lead security assessments of cloud and hybrid environments (e.g., IaaS, PaaS, SaaS)
Evaluate key control domains, including identity and access management, network architecture and segmentation, logging, monitoring, and detection capabilities, and data protection and encryption
Assess alignment to frameworks such as HITRUST, PCI, NIST Cybersecurity Framework, and ISO/IEC 27001
Partner with engineering and security teams to validate that controls are effectively implemented in real‑world environments
Research Technology & Clinical Risk Oversight
Lead security and risk reviews of research technologies and data use cases, including systems handling sensitive or regulated data
Partner with clinical and research stakeholders to evaluate emerging technologies and ensure appropriate risk controls are in place
Provide guidance on secure design and data protection strategies
Cross‑Functional Leadership & Escalation
Serve as a senior escalation point for complex or high‑risk assessments across enterprise systems, third‑party/vendor solutions, and cloud and research environments
Provide subject matter expertise and mentorship to team members supporting assessments and compliance activities
Influence decision‑making across stakeholders without direct authority
Regulatory & Audit Support
Support internal and external audit activities by providing subject matter expertise, documentation, and control validation
Ensure risk assessments and control evaluations align with regulatory expectations and audit requirements
Partner with the IT Controls Manager on audit responses and remediation planning
Program Improvement & Innovation
Identify opportunities to enhance assessment processes, tooling, and automation
Contribute to development of metrics, dashboards, and reporting to measure risk posture and program effectiveness
Drive continuous improvement in how risk is identified, assessed, and managed across the enterprise
Minimum Qualifications
10 or more years of experience in a similar role
BA/BS degree or equivalent
Preferred Qualifications
Advanced degree desirable
Strong communication skills to effectively interact with all levels of the organization
NYU Langone Health is an equal opportunity employer and is committed to inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration.
Languages
- English