<p>About Us:</p> <p>NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.</p> <p>About the Role:</p> <p>As a senior consultant on the Cybersecurity and Data Privacy team, you will collaborate with team members to support our clients as you expand your knowledge related to assessing and securing cloud-based solutions, application protocol interfaces (APIs) and artificial intelligence (AI) technologies.</p> <p>NYSTEC is considered a trusted advisor, providing cybersecurity subject matter expertise and program operations support for our clients. Your day-to-day role as a NYSTEC consultant will involve providing support for our client's security program.</p> <p>Our client's security program oversees vendor- and data-consuming-entity security compliance, including security control analysis. Cybersecurity team members also support security program elements, such as incident response, vulnerability management, and anti-phishing efforts.</p> <p>This position is expected to be performed on-site in Albany, NY.</p> <p>Key Responsibilities:</p> <ul> <li>Integrating identity and access management, such as NY.Gov ID, into client system initiatives. </li><li>Preparing and delivering summaries, reports, and presentations to communicate complex technical security and privacy information, and make actionable recommendations to both technical and nontechnical stakeholders. </li><li>Assisting with developing and maturing API and AI security standards. </li><li>Coordinating with the web and application security testing team. </li><li>Ensuring regulatory compliance with the Health Insurance Portability and Accountability Act (HIPAA), Centers for Medicare & Medicaid Services (CMS) Acceptable Risk Safeguards (ARS), New York State standards and policies, and National Institute of Standards and Technology (NIST) Special Publication 800-53. </li><li>Conducting security compliance assessments. </li><li>Preparing security documentation and policies. </li><li>Supporting audits and CMS reviews. </li></ul> <p>About You:</p> <p>Required Qualifications</p> <ul> <li>Excellent work ethic, critical thinking, analytic, and problem-solving skills. </li><li>Clear and concise written and verbal communication skills. </li><li>Diplomacy and stakeholder relationship development and management skills. </li><li>Sound operational technical background. </li><li>Knowledge of, and experience with, implementing NIST 800-53 controls and an understanding of the IT security processes behind those controls. </li><li>Ability to assess IT risk in a client's environment and a desire to learn NIST 800-30 style risk assessments. </li><li>Security certification from an accredited organization, such as ISC2. </li></ul> <p>Preferred/Desired Qualifications</p> <ul> <li>Skills across multiple security domains. </li><li>Experience with privacy programs, requirements, and controls. </li><li>Knowledge of the New York State Medicaid program, its systems, data, and uses. </li><li>Expertise in public health, health information, or security and privacy policies and standards, such as NIST 800-53 and CMS ARS. </li><li>Expertise with identity and access systems and modern protocols, such as Security Assertion Markup Language (SAML), Open Authorization (OAuth), OpenID Connect, multi-factor authentication (MFA), etc. </li><li>Experience with vulnerability assessments of cloud services and infrastructure. </li><li>Familiarity with the secure software development life cycle (SSDLC) and technologies and the causes of vulnerabilities </li><li>Ability to articulate risk and mitigation strategies to clients in written and verbal communications. </li><li>A background in software development or system administration. </li></ul> <p>Education and Experience</p> <ul> <li>A bachelor's degree and five to seven years of experience in an operational or information security role. </li><li>An equivalent combination of advanced education, training, and experience (e.g., relevant classwork or outside training and security certifications) may be considered. </li></ul> <p>The target base salary for this position is $84,497.00 to $109,846.00 per year. When determining compensation, we analyze and carefully consider several factors, including skill set, experience, location, and job-related qualifications.</p> <p>It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.</p> <p>Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.</p> <p>Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.</p> <p>Learn more about NYSTEC by visiting www.nystec.com.</p>