Project Coordinator (Information Security Officer) West Haverstraw, United States | Posted on 01/15/2026 This position will matrix report to the Project Director and DOH Chief Information Security Officer within the Office of Health Information Management (OHIM). In coordination with the Department CISO, the Project Coordinator will serve as Information Security Officer and will implement cybersecurity controls required by the NYS Title 10, Section 405.46 - Hospital Cybersecurity Requirements, HIPAA and other relevant regulations at Helen Hayes Hospital. The Project Coordinator will also be responsible for facility Information Security incident response, risk and compliance, and cyber governance. Duties include: Responsibilities Implements information security and compliance programs. Participates in the development, interpretation, review and communication of information security regulations, policies, procedures, and standards. Monitors information security compliance and recommends improvements. Supports the implementation of information security procedures and protocols and participates in security risk reviews and remediation activity including producing written reports. Works with internal and external partners on information security issues. Plans and conducts outreach programs and activities to increase cybersecurity awareness. Tracks and reports out on all security related project portfolio tasks. Supports the management and resolution of security threats to agency and facility information systems. Participates in information security risk analysis and risk management processes with business and IT units. Review vulnerability scanning and analysis reports to help determine scope of risk and prioritization of remediation. Collects and maintains risk register, including reporting and tracking of remediation. Monitors external data sources to maintain currency of threat condition and potential impact on enterprise. Participates in the identification and modeling of new threat scenarios to provide proactive defensive measures to technical teams for mitigation of risk. Disseminates threat and vulnerability intelligence products. Participates in the continuous monitoring and protection of technology resources and determines events that require Participates in cyber incident response. Supports the implementation and improvement of information security incident response plans and reports. Design, plan, and facilitate cyber security tabletop exercises to foster information-sharing and enhance cyber awareness with stakeholders. Participates in the investigation of alleged information security violations, follows agency procedures for referring the investigation to other investigative entities (e.g., NYS Cyber Command, law enforcement, and State and federal oversight agencies), and responds to requests for information from external investigators. Performs analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provides remediation recommendations. Conduct post-exercise after-action analysis, reporting, and assessment, develop recommendations, and design future exercises to validate improvements. Serves as information security expert and evaluates systems and contracts for alignment with agency and State information security policies. Reviews contract, service level agreement, memorandum of understanding language and other documents to verify that they meet information security needs and requirements and align with facility, agency, and State information security policies. Provides information security expertise, advice, and recommendations to agency executives on a broad range of information security matters. Acts as information security lead on projects and initiatives to ensure security by design through implementation of the Secure Systems Development Lifecycle (SSDLC). Monitors information security trends, tools, and techniques. Keeps abreast of relevant laws and regulations that could affect the security controls and classification of information assets and communicates legal and regulatory requirements. Researches, administers, and utilizes specialized cyber security tools, techniques, and procedures. Represents the agency at internal and external information security meetings and conferences to maintain awareness and evaluates the applicability of the latest information security techniques and tools to the agency’s security program. Participates in creation and maintenance of dashboard and reports that present information security data in an intuitive manner. Serves as a subject matter expert in multiple areas of cyber security such as incident response, digital forensics, risk assessments, digital identity management, state, and federal compliance requirements. May supervise staff and assigns work, writes performance and probationary evaluations, conducts interviews, and hires staff. Requirements MINIMUMQUALIFICATIONS/COMPETENCIES: A bachelor’sdegree* with at least 15 credit hours in cyber security, information assurance,or information technology; and three years of information technologyexperience, including two years of information security or informationassurance experience**. *Substitution: bachelor's degree candidates without at least 15 course creditsin cyber security, information assurance, or information technology require anadditional year of general information technology experience to qualify. Appropriate informationsecurity or information assurance experience may substitute for the bachelor'sdegree on a year-for-year basis; an associate’s degree requires an additionaltwo years of general information technology experience. **Experience solely in information security or information assurance maysubstitute for the general information technology experience. The preferred candidate will have a master’sdegree in cybersecurity, risk management, information systems, healthinformation management, computer science, or a related field; a minimum of 3years of experience in cybersecurity, cyber risk assessment, cyber incidentresponse, or auditing IT systems. The preferred candidate should possess acertification in one or more of the following: Certified Information SystemsAuditor (CISA), Certified Information Systems Security Professional (CISSP),(ISC)2 Systems Security Certified Practitioner (SSCP), Certified in Risk andInformation Systems Control (CRISC), Certified Information Security Manager(CISM), CompTIA Security+,CEH: Certified Ethical Hacker. They should have the ability to work effectively in a team environment; they should be highlyorganized, motivated, and a self-directed professional. Additionally, thecandidate should demonstrate strong analytical skills and a deep understandingof security frameworks and risk management practices. Excellent communicationabilities are essential, as the role will involve collaborating with variousstakeholders to implement and maintain security policies. They should haveknowledge of hardware, software, data, and network principles and systemsrelated to Private and/or Public Sectors services. They should also have athorough understanding of commonly used computer operating systems, databases,and network structures; they should have familiarity with cybersecurityregulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO27001/27002, orCIS); and have investigative and analytical skills. They should possessexcellent oral and written communication skills, including the ability toexplain complex technical issues in plain language; knowledge of the currentand evolving cyber threat landscape; and knowledge of laws, regulations,policies, and ethics related to cybersecurity and information privacy. #J-18808-Ljbffr