Senior Consultant - Security Advisor

About Us

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We are independent and vendor-neutral, so we have our clients’ best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.

About The Role

As a security consultant, you will collaborate with team members to conceptualize, deliver, and support our clients through today’s ever-changing cybersecurity landscape. NYSTEC is considered a trusted advisor, partner of choice, and employer of choice. We believe that every interaction is an opportunity to deliver exceptional service that empowers client success!

Serving as a security consultant, your day-to-day role that may include:

• Supporting organizations with governance, risk, and compliance (GRC) activities in support of significant health information technology (HIT) programs.
• Establishing security awareness and training, incident response, disaster recovery, vulnerability management, and software development life cycle (SDLC) programs.
• Demonstrating knowledge of National Institute of Standards and Technology (NIST) 800-30 risk assessments, NIST 800-53 compliance assessments, and the NIST Cybersecurity Framework (CSF).
• Working with the client to ensure that their contractors adhere to all applicable security and privacy requirements — as included in federal and state law, regulation, policy, and contractual requirements.
• This role will require some onsite work in Albany, NY.

About You:

Required Qualifications

• Skills that cross multiple security domains — should be well versed in the software development life cycle (SDLC), assessment of risk, and able to understand the root causes of vulnerabilities and to articulate those in written and verbal communications to clients.
• Understanding of Health Insurance Portability and Accountability Act (HIPAA) security and privacy requirements.
• Experience implementing NIST 800-53 controls.
• Knowledge of NIST 800-30 style risk assessments.
• Knowledge of Health Information Trust Alliance (HITRUST) certification.
• Knowledge of the NIST CSF.
• Excellent communication and writing skills.

Education and Experience

• A bachelor’s degree in a related field of study and five years of related experience. An equivalent combination of advanced education, training, and experience will be considered.
• A certified information systems security professional (CISSP) or other skill-specific certification is preferred.

The pay range for this position is $79,793.00 to $109,716.00 per year.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.