job summary:
We are seeking an enterprise-level EITS Security Architect to serve as the critical bridge between the CISO's strategic vision and the technical execution of our IT engineering and administration teams. Operating within the Information Security and Risk Management team, you will act as a subject matter expert ensuring robust security controls, risk mitigation, and strict compliance with HIPAA, NIST CSF, ISO27001, and state privacy laws across multiple healthcare business units.
location: New York, New York
job type: Contract
salary: $100 - 110 per hour
work hours: 9am to 5pm
education: Bachelors
responsibilities:
General Tasks and Responsibilities Will Include:
- Lead and coach on the definition of security architecture, including the development and implementation of effective security administration processes for all platforms.
- Actively engage in security architecture solutioning within key pre-implementation systems
- Identify and implement emerging data access control technologies, information systems security issues, safeguards, and techniques.
- Perform security reviews and identify security gaps in security architecture, resulting in recommendations for inclusion into the risk mitigation strategy
- Provide Security Architecture guidance to Senior EITS Management within NYC Health + Hospitals and engage with multiple cross functional teams
- Conduct application vulnerability scans, recognize vulnerabilities in security systems, and design countermeasures to identified security risks
- Design security controls based on information assurance (IA) principles and tenets
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
- Keep informed on current threats and industry regulations.
qualifications:
Knowledgeable In:
- Strong Knowledge of infrastructure, application and security protocols in addition to configuration management techniques and risk management/compliance/audit standards
- Deep knowledge of HIPAA/HITECH, NIST CSF, ISO27001/27002 and PCI-DSS Standards and Requirements
- Knowledge of encryption algorithms
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
- Knowledge of network security architecture concepts, including topology, protocols, components, principles (e.g. application of defense-in-depth), and traffic flows across the network (e.g. TCP & TCP/IP, OSI, etc.)
- Experience working with network access, identity, and access management (e.g. Active Directory, access federation, multifactor authentication, PKI)
- Experience working with operating systems (Microsoft Windows, Linux, UNIX, MacOS X)
- Knowledge of security management and secure configuration management techniques
- Knowledge of software engineering
- Skill in assessing the robustness of security systems and designs and determining how it should work (including its resilience and dependability capabilities)
- Knowledge of IT supply chain security/risk management policies, requirements, and procedures
Other Preferred Skills:
- Must possess a high degree of integrity and trust along with the ability to work independently
- Participate in special projects as needed and perform other duties as assigned
- Must be able to work independently as well as work as part of a fast-moving team
- Must be able to work at various locations when necessary along with working various shifts
Educational Level:
- A bachelor's degree in information systems
- CISSP, CISM, GSEC, CEH, or other relevant security qualification
Years of Experience:
- A minimum of ten years of IT experience, with at least 7 years dedicated to IT/Cyber Security, including Solution Design
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.