Mount Sinai Careers
Information Security Specialist III - Cybersecurity
Strength Through Diversity
Groundbreaking science. Advancing medicine. Healing made personal.
The Information Security Specialist III directs, manages, plans and administers the operational and administrative activities associated with the running of the Information Security section.
Support the Associate Director for security risk assessments and the CISO and senior IT infrastructure leadership with the completion of security risk assessments.
Provide expertise and working knowledge of governance, risk management and compliance (GRC) tools for documentation of individual high-risk general and application security risk issues and associated analytics.
Communicate regularly with internal and external clients, clearly explaining technical concepts and procedures to non-technical users.
Define and communicate project milestones or scope of work and resource allocation. The role has dotted-line reporting to senior leadership.
Day to day responsibilities include:
1. Responsible for security reviews of application technology architecture.
2. Provides state-of-the-art technical expertise and support to clients, IT management and staff in risk assessment and the implementation of appropriate data security procedures and products. Reviews the design, development, testing and implementation of appropriate IT security plans, products, firewalls and other access control techniques.
3. Participates in the establishment and implementation of the firm’s information security policy.
4. Reviews the development, testing and implementation of appropriate security plans, products and control techniques. Evaluates effectiveness of training courses and sources of training.
5. Identifies emerging vulnerabilities, evaluates associated risks and threats and provides countermeasures where necessary.
6. Manages the reporting, investigation and resolution of data security incidents.
7. Maintains contact with industry security standard setting groups, and an awareness of State and Federal legislation and regulations pertaining to data privacy and information security.
8. Proposes changes in firm-wide security policy when necessary.
9. Directs the Information Security staff in the evaluation of risks and threats, development, implementation, communication, operation, monitoring and maintenance of the IT security policies and procedures which promote a secure and uninterrupted operation of all IT systems.
10. Develops communications and related campaigns for information security awareness among all staff.
11. Prepares activity and progress reports.
12. Responsible for the development and implementation of security standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments (e.g., firm-wide, distributed, client server systems, and e-applications).
13. Performs related duties as assigned or requested.
Seven years of experience in security aspects of multiple platforms, operating systems, software, communications and network protocols, or an equivalent combination of education and work experience.