Lead IT Security Analyst

Position Summary We have an exciting opportunity to join our team as a Lead IT Security Analyst. This position reports to the IT Controls & Regulatory Compliance Manager and serves as a senior individual contributor and subject matter expert responsible for leading enterprise risk assessments and evaluating the security of modern technology environments, including cloud‑based platforms. The IT Controls Lead drives the design, execution and continuous improvement of the organization’s risk assessment program to ensure compliance with regulatory and industry requirements, including HIPAA, HITRUST, PCI DSS, and FISMA. This role partners closely with IT, Security, Clinical, Research and Compliance stakeholders to assess risk across enterprise systems, research technologies and cloud infrastructure, and to ensure that security controls are appropriately designed and operating effectively. Job Responsibilities Lead the execution and maturation of the enterprise risk assessment program aligned to regulatory and industry frameworks Conduct and oversee complex risk assessments, including HIPAA and HITRUST‑aligned evaluations Define and maintain risk assessment methodologies, scoring models and standards Identify, analyze and document risks and develop actionable remediation strategies Lead security assessments of cloud and hybrid environments (e.g., IaaS, PaaS, SaaS) Evaluate key control domains, including identity and access management, network architecture and segmentation, logging, monitoring and detection capabilities, data protection and encryption, and assess alignment to frameworks such as HITRUST, PCI, NIST Cybersecurity Framework and ISO/IEC 27001 Partner with engineering and security teams to validate that controls are effectively implemented in real‑world environments Lead security and risk reviews of research technologies and data use cases, including systems handling sensitive or regulated data Partner with clinical and research stakeholders to evaluate emerging technologies and ensure appropriate risk controls are in place Provide guidance on secure design and data protection strategies Serve as a senior escalation point for complex or high‑risk assessments across enterprise systems, third‑party/vendor solutions, cloud and research environments Provide subject matter expertise and mentorship to team members supporting assessments and compliance activities Influence decision‑making across stakeholders without direct authority Support internal and external audit activities by providing subject matter expertise, documentation and control validation Ensure risk assessments and control evaluations align with regulatory expectations and audit requirements Partner with the IT Controls Manager on audit responses and remediation planning Identify opportunities to enhance assessment processes, tooling and automation Contribute to development of metrics, dashboards and reporting to measure risk posture and program effectiveness Drive continuous improvement in how risk is identified, assessed and managed across the enterprise Minimum Qualifications Typically requires 10 or more years of experience and BA/BS degree or equivalent. Preferred Qualifications Advanced degree desirable. Communication Qualified candidates must be able to effectively communicate with all levels of the organization. Benefits NYU Langone Health offers a comprehensive benefits and wellness package. Equal Opportunity Employer NYU Langone Health is an equal opportunity employer and is committed to inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration. Salary Salary range for the role is $121,792.22 – $210,091.64 annually. #J-18808-Ljbffr NYU Langone Health