Lead IT Security Analyst - HIPAA, HITRUST, FISMA

Job Description

NYU Langone Health is a fully integrated health system that consistently achieves the best patient outcomes through a rigorous focus on quality that has resulted in some of the lowest mortality rates in the nation. Vizient Inc. has ranked NYU Langone the No. 1 comprehensive academic medical center in the country for three years in a row, and U.S. News & World Report recently placed nine of its clinical specialties among the top five in the nation. NYU Langone offers a comprehensive range of medical services with one high standard of care across 6 inpatient locations, its Perlmutter Cancer Center, and over 320 outpatient locations in the New York area and Florida. With $14.2 billion in revenue this year, the system also includes two tuition-free medical schools, in Manhattan and on Long Island, and a vast research enterprise with over $1 billion in active awards from the National Institutes of Health.


For more information, go to NYU Langone Health, and interact with us on LinkedIn, Glassdoor, Indeed, Facebook, Twitter, YouTube and Instagram.

Position Summary:
We have an exciting opportunity to join our team as a Lead IT Security Analyst.


This position reports to the IT Controls & Regulatory Compliance Manager and serves as a senior individual contributor and subject matter expert responsible for leading enterprise risk assessments and evaluating the security of modern technology environments, including cloud-based platforms.


The IT Controls Lead drives the design, execution, and continuous improvement of the organizations risk assessment program to ensure compliance with regulatory and industry requirements, including HIPAA, HITRUST, PCI DSS, and FISMA.


This role partners closely with IT, Security, Clinical, Research, and Compliance stakeholders to assess risk across enterprise systems, research technologies, and cloud infrastructure, and to ensure that security controls are appropriately designed and operating effectively.

Job Responsibilities:

Enterprise Risk Assessment Leadership

• Lead the execution and maturation of the enterprise risk assessment program aligned to regulatory and industry frameworks

• Conduct and oversee complex risk assessments , including HIPAA and HITRUST-aligned evaluations

• Define and maintain risk assessment methodologies, scoring models, and standards

• Identify, analyze, and document risks, and develop actionable remediation strategies

Cloud Security & Technology Risk Evaluation

• Lead security assessments of cloud and hybrid environments (e.g., IaaS, PaaS, SaaS)

• Evaluate key control domains, including:

• Identity and access management

• Network architecture and segmentation

• Logging, monitoring, and detection capabilities

• Data protection and encryption

• Assess alignment to frameworks such as:

• HITRUST

• PCI

• NIST Cybersecurity Framework

• ISO/IEC 27001

• Partner with engineering and security teams to validate that controls are effectively implemented in real-world environments

Research Technology & Clinical Risk Oversight

• Lead security and risk reviews of research technologies and data use cases , including systems handling sensitive or regulated data

• Partner with clinical and research stakeholders to evaluate emerging technologies and ensure appropriate risk controls are in place

• Provide guidance on secure design and data protection strategies

Cross-Functional Leadership & Escalation

• Serve as a senior escalation point for complex or high-risk assessments across:

• Enterprise systems

• Third-party/vendor solutions

• Cloud and research environments

• Provide subject matter expertise and mentorship to team members supporting assessments and compliance activities

• Influence decision-making across stakeholders without direct authority

Regulatory & Audit Support

• Support internal and external audit activities by providing subject matter expertise, documentation, and control validation

• Ensure risk assessments and control evaluations align with regulatory expectations and audit requirements

• Partner with the IT Controls Manager on audit responses and remediation planning

Program Improvement & Innovation

• Identify opportunities to enhance assessment processes, tooling, and automation

• Contribute to development of metrics, dashboards, and reporting to measure risk posture and program effectiveness

• Drive continuous improvement in how risk is identified, assessed, and managed across the enterprise

Minimum Qualifications:
To qualify you must have a Typically requires 10 or more years of experience and BA/BS degree or equivalent

Preferred Qualifications:
Advanced degree desirable

Qualified candidates must be able to effectively communicate with all levels of the organization.

NYU Langone Health provides its staff with far more than just a place to work. Rather, we are an institution you can be proud of, an institution where you'll feel good about devoting your time and your talents.

At NYU Langone Health, we are committed to supporting our workforce and their loved ones with a comprehensive benefits and wellness package. Our offerings provide a robust support system for any stage of life, whether it's developing your career, starting a family, or saving for retirement. The support employees receive goes beyond a standard benefit offering, where employees have access to financial security benefits, a generous time-off program and employee resources groups for peer support. Additionally, all employees have access to our holistic employee wellness program, which focuses on seven key areas of well-being: physical, mental, nutritional, sleep, social, financial, and preventive care. The benefits and wellness package is designed to allow you to focus on what truly matters. Join us and experience the extensive resources and services designed to enhance your overall quality of life for you and your family.


NYU Langone Health is an equal opportunity employer and committed to inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration. We require applications to be completed online.

View Know Your Rights: Workplace discrimination is illegal.

NYU Langone Health provides a salary range to comply with the New York state Law on Salary Transparency in Job Advertisements. The salary range for the role is $121,792.22 - $210,091.64 Annually. Actual salaries depend on a variety of factors, including experience, specialty, education, and hospital need. The salary range or contractual rate listed does not include bonuses/incentive, differential pay or other forms of compensation or benefits.

To view the Pay Transparency Notice, please click here