*As required under NYC Human Rights Law Int 1208-2018 - Salary range for this role when hired for NYC offices
Position Summary
The Information Security Risk Analyst I will be part of a fast-growing security team and will be responsible for supporting and improving the regulatory and information security policy compliance initiatives at Weill Cornell Medicine using a risk-based methodology. This position will work closely with the security analysts, engineers, and architects to conduct risk assessments for new and existing technologies, enhance the institution's security awareness campaigns, review existing policies and procedures, and respond to compliance alerts, among other items.
Maintains an awareness of the regulatory environment as it relates to Weill Cornell Medicine's mission.
Regularly reviews and assists in maintaining cybersecurity policies, standards, and procedures and fulfilling auditing requirements as needed.
Monitors and reports on compliance and vulnerability metrics; delivers reports as needed for management review.
Supports continuity across security and privacy practices and procedures in collaboration with the Chief Information Security Officer, Compliance & Privacy Office, Human Resources, Office of General Counsel, and Cornell University Policy Office.
Performs risk assessments and gap analyses for information systems and programs, identifies foreseeable internal and external risks to security, and delivers recommendation reports for risk management.
Reviews technology platforms, including operating systems, applications, network devices, and vendors to ensure compliance with established best practices and organizational policies.
Assists in investigating and responding to security compliance incidents, including forensic investigations and electronic discovery cases.
Creates content for the institution's security awareness campaigns.
Evangelizes security and secure practices while promoting and maintaining a favorable and positive work environment for yourself and others to assist in Weill Cornell Medicine's overall mission.
Performs other related duties as assigned.
Experience with information security frameworks and related regulations, such as NIST Cybersecurity Framework, ISO 27001, HIPAA, HITECH, HITRUST, FERPA, and PCI.
Strong non-technical understanding of a variety of incidents and attack vectors, such as network intrusions, web-based attacks, malicious emails, root- and user-level compromises, malware, botnet infections, and other anomalous activity.
Two or more years of security-related work or internship experience.
Healthcare industry experience and knowledge of computer-based patient records systems and various protocols relative to privacy and confidentiality of health information.
Strong understanding of the legal aspects of data acquisitions and electronic discovery.
Comfortable working with technologies at all levels of the OSI model.
Fluency in navigating and using macOS, Red Hat Linux, and/or Windows operating systems.
Knowledge, Skills and Abilities
Knowledge of risk analysis and development of security systems and protocols.
Excellent written and verbal communication skills, on both technical and non-technical topics.
Knowledge of auditing process, including techniques relative to auditing and problem resolution.
Strong knowledge of IT infrastructure technologies and protocols.
Strong conceptual thinking, verbal, and communication skills.
Ability to create and present diagrams, reports, and presentations for technical and non-technical audiences. Ability to produce professional-level documentation and reporting using Microsoft Office.
Ability to think outside the box in terms of designing systems and solutions.
Ability to think critically and make decisions independently.
Must be able to work in a very demanding and high-pressure environment.
Licenses and Certifications
Information security certifications, such as Security+, CEH, GIAC, or SCCP.
Working Conditions/Physical Demands
Ability to deliver under tight deadlines and work off-hours as needed.
Weill Cornell Medicine is a comprehensive academic medical center that is committed to excellence in patient care, scientific discovery, and the education of future physicians and scientists in New York City and around the world. Our doctors and scientists - faculty from Weill Cornell Medical College, Weill Cornell Graduate School of Medical Sciences, and the Weill Cornell Physician Organization - are engaged in world-class clinical care and cutting-edge research that connect patients to the latest treatment innovations and prevention strategies. Located in the heart of the Upper East Side's scientific corridor, Weill Cornell Medicine's powerful network of collaborators extends to its parent university Cornell University; to Qatar, where an international campus offers a U.S. medical degree; and to programs in Tanzania, Haiti, Brazil, Austria and Turkey.
Our medical practices serve communities throughout New York City, and our faculty provide comprehensive care at NewYork-Presbyterian Hospital/Weill Cornell Medical Center, NewYork-Presbyterian/Lower Manhattan Hospital, NewYork-Presbyterian Hospital/Brooklyn Methodist Hospital, NewYork-Presbyterian Hospital/Westchester Behavioral Health Center, and NewYork-Presbyterian/Queens. At Weill Cornell Medicine, we work together to treat each individual, not just their conditions or illnesses, as we strive to deliver the finest possible care for our patients - the center of everything we do.
Weill Cornell Medicine is an Equal Employment Opportunity Employer. Weill Cornell Medicine provides equal employment opportunities to all qualified applicants without regard to race, sex, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, or genetic information.
Weill Cornell Medicine is a global healthcare leader known for its world-class patient care, cutting-edge research and top-ranked education. Every day, the employees of Weill Cornell Medicine improve lives across the city and around the globe. They help patients stay well, and our benefits and programs aim to help our employees and their families stay well by supporting their physical, financial, and professional health.