JD:
36 Months experience in a non-operational Healthcare Information Security / Risk Management position.
36 Months experience performing formal IT risk assessment in a corporate/enterprise environment exceeding 20 locations and 10,000 employees.
36 Months experience supporting audit response activities based on NIST 800-53 controls.
36 Months experience coordinating and tracking web application scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the web application scanning.
36 Months experience coordinating and tracking infrastructure scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the infrastructure scanning.
24 Months experience working with Business Units to perform Information Classification.
"18 months experience utilizing NYS ITS Information Security Policy (NYS-P03-002) and associated NYS ITS security policies and standards for the purpose of protecting and maintaining the confidentiality, integrity, and availability of information; managing the risk of security exposure or compromise; and ensuring a secure and stable information technology (IT) environment.