Project Coordinator - Information Security Officer

NY HELP No Agency Health, Department of Title Project Coordinator - Information Security Officer Occupational Category I.T. Engineering, Sciences Salary Grade NS Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF) Salary Range From $103784 to $127830 Annually Employment Type Full-Time Appointment Type Temporary Jurisdictional Class Competitive Class Travel Percentage 0% Workweek Mon-Fri Hours Per Week 40 Workday From 8 AM To 4:30 PM Flextime allowed? No Mandatory overtime? No Compressed workweek allowed? No Telecommuting allowed? No County Rockland Street Address 51-55 Route 9W City West Haverstraw State NY Zip Code 10993 Duties Description This position will matrix report to the Project Director and DOH Chief Information Security Officer (CISO) within the Office of Health Information Management (OHIM). In coordination with the Department CISO, the Project Coordinator will serve as Information Security Officer and will implement cybersecurity controls required by the NYS Title 10, Section 405.46 - Hospital Cybersecurity Requirements of the Health Insurance Portability and Accountability Act (HIPAA) and other relevant regulations at Helen Hayes Hospital. They will serve as subject matter expert in multiple areas of cybersecurity, such as incident response, digital forensics, risk assessments, digital identity management, and state and federal compliance requirements. The Project Coordinator may be responsible for supervising staff, assigning tasks, writing performance and probationary evaluations, conducting interviews, and hiring staff.The Project Coordinator will also be responsible for the facilityu2019s information, security incident response, risk and compliance, and cyber governance. They will also support the implementation and improvement of information security incident response plans and reports. They will investigate alleged information security violations, refer cases to entities like NYS Cyber Command or law enforcement as required, and respond to external investigation requests. They will perform analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provide remediation recommendations. Duties include: Implementation of information security and compliance programs; participation in the development, interpretation, review and communication of information security regulations, policies, procedures, and standards; monitoring of security compliance information, and improvement recommendations; support of the implementation of information security procedures and protocols and participate in security risk reviews and remediation activity, including producing written reports; collaboration with internal and external partners to address information security issues; planning and conducting outreach programs and activities to increase cybersecurity awareness; tracking and reporting on all security-related project portfolio tasks; support management in the resolution of security threats to agency and facility information systems; participation in information security risk analysis and risk management processes with business and IT units; review vulnerability scanning and analysis reports to help determine the scope of risk and prioritization of remediation; collect and maintain a risk register, including reporting and tracking of remediation; monitoring of external data sources to maintain the currency of threat conditions and their potential impact on the enterprise. The Project Coordinator will also participate in the identification and modeling of new threat scenarios to provide proactive defensive measures to technical teams for mitigation of risk and will disseminate threat and vulnerability intelligence products. They will participate in the continuous monitoring and protection of technology resources and determine events that require investigation and response. In addition, the Project Coordinator will design, plan, and facilitate cybersecurity tabletop exercises to foster information sharing and enhance cyber awareness with stakeholders; conduct post-exercise after-action analysis, reporting, and assessment; develop recommendations; and design future exercises to validate improvements.The Project Coordinator will evaluate systems and contracts for alignment with agency and State security policies; review contracts, service level agreements, memorandum of understanding language, and other documents to verify that they meet information security needs and requirements that align with facility, agency, and State security policies; provide information security expertise, advice, and recommendations to agency executives on a broad range of information security matters; and act as an information security leader on projects and initiatives to ensure security by design through the implementation of the Secure Systems Development Lifecycle (SSDLC).The Project Coordinator will monitor information security trends, tools, and techniques; they will keep abreast of relevant laws and regulations that could affect the security controls and classification of information assets and communicate legal and regulatory requirements; conduct research, administer, and utilize specialized cybersecurity tools, techniques, and procedures; represent the agency at internal and external information security meetings and conferences to maintain awareness and evaluate the applicability of the latest information security techniques and tools to the agencyu2019s security program; participate in the creation and maintenance of dashboards and reports that present information security data in an intuitive manner. Minimum Qualifications A bacheloru2019s degree with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience, including two years of information security or information assurance experience.Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year ofgeneral information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.Experience solely in information security or information assurance may substitute for the general information technology experience.

Created: 2026-03-07