Information Security Director Jobs (NOW HIRING)

Job Category: Information Technology Requisition Number: HEALT004776

Posted: May 1, 2026

Full-Time On-site Cybersecurity Buffalo, NY 14215, USA

HOURLY RANGE: $52.51 - $72.97

NY HELPS

This title is part of the New York Hiring for Emergency Limited Placement Statewide Program (NY HELPS). For the duration of the NY HELPS Program, this title may be filled via a non-competitive appointment, which means NO EXAMINATION IS REQUIRED, but all candidates must meet the minimum qualifications of the title for which they apply. At a future date (within one year of permanent appointment), it is expected employees hired under NY HELPS will have their non-competitive employment status converted to competitive status, WITHOUT HAVING TO TAKE A CIVIL SERVICE TEST. Employees will then be afforded with all of the same rights and privileges of competitive class employees of New York State. While serving permanently in a NY HELPS title, employees may take part in any promotion examination for which they are qualified.

DISTINGUISHING FEATURES OF THE CLASS: The work involves assisting the Chief Healthcare Information Security Officer (CISO) in managing the Information Security Program at the Erie County Medical Center Corporation (ECMCC). The work involves addressing the electronic systems architecture and functionality as it affects safeguards of protected health information (PHI) and business information assets, as directed by the Healthcare Information Security Director or CISO. The incumbent monitors, assesses the IT business continuity and disaster recovery program and performs network penetration tests, application vulnerability assessment scans, and risk assessment reviews. The work is performed under the general direction of the Healthcare Information Security Director or CISO. Supervision may be exercised over lower-level technical staff. Does related work as required.

TYPICAL WORK ACTIVITIES:

Manages the Information Security Program procedures, technical systems and workforce training to maintain the confidentiality, integrity, and availability of data within all information systems;

Coordinates resources (staff, equipment, vendors, and consultants) across projects, manages the budget for assigned projects), monitors project progress (risks & issues) and adjusts resources and priorities accordingly;

Drives adoption of secure hardening and configuration practices in the systems security deployment cycle throughout central technology and line of business technical engineering teams;

Performs information security awareness and training to educate workforce about information risks;

Prepares and presents progress reports for management and ensure technologies are appropriately integrated to support the objectives of Cybersecurity Program;

Provides subject-matter-expertise in the discipline of Core Platform security to Cybersecurity operation team and others;

Provides consultancy for secure system design, development, engineering, and operation;

Provides project management and operational responsibility for administrative coordination and implementation of the organization's security program;

Assists in development of Security Program Policies and enforces policies and procedures;

Assists with enforcement of access control needs of the organization;

Identifies and helps implement continuous process enhancements/improvements to Cybersecurity Operations;

Assists in managing information security directives as mandated by Federal and State regulations, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA);

Assists with disaster recovery, business continuity, incident response, and risk management programs;

As directed by the Healthcare Information Security Director of CISO, performs or works with third-party consultants to perform information risk assessments, security audits, and accreditation surveys, ensuring that information systems are adequately protected and meet HIPAA certification requirements;

Participates in accreditation surveys;

Attends and participates in meetings, seminars, and training sessions.

FULL PERFORMANCE KNOWLEDGE, SKILLS, ABILITIES AND PERSONAL CHARACTERISTICS: Thorough knowledge of state of the art computer security; good knowledge of project management and development; good knowledge of internal computer logic, programs and facilities; good knowledge of technical infrastructure security components and integrated computerized rules-based systems; familiarity with Federal and State privacy and security laws and regulations and industry best practices as they relates to healthcare information security; ability to enforce programs to ensure the security of health information across a widely dispersed workforce with a variety of information mediums; ability to read, interpret and apply technical information; ability to analyze and resolve security problems quickly; ability to supervise others; ability to establish and maintain effective working relationships with a diverse constituency; critical thinking skills; problem solving skills; technical skills; capable of performing the essential functions of the position with or without reasonable accommodation.

MINIMUM QUALIFICATIONS:

• Possession of a Master's Degree* in Health Information Systems, Computer Science/Computer Programming, or related computer technology or healthcare related field and one (1) year of experience in computer or information security** which included experience with federal and state privacy and security laws, regulations and accreditation standards for maintaining information security and confidentiality; or:
• Possession of a Bachelor's Degree* in Health Information Systems, Computer Science/Computer Programming, or related computer technology or healthcare related field and three (3) years of experience in computer or information security**, one (1) year of which included experience with federal and state privacy and security laws, regulations and accreditation standards for maintaining information security and confidentiality; or:
• An equivalent combination of training and experience as defined by the limits of (A) and (B).

**Information Security , for the purpose of qualifying applications, is defined as the processes designed and implemented to protect information, systems, and networks against unauthorized access, use or disruption utilizing various forms of technology.

NOTE*: Your degree must have been awarded by a college or university accredited by a regional, national or specialized agency recognized as an accrediting agency by the U.S. Department of Education/U.S. Secretary of Education. If your degree was awarded by an educational institution outside the United States and its territories, you must provide independent verification of equivalency. A list of acceptable companies who provide this service can be found on the internet at http://www.cs.ny.gov/jobseeker/degrees.cfm . You must pay the required evaluation fee.

NOTE 2: Verifiable part-time and/or volunteer experience will be pro-rated toward meeting full-time experience requirements.

Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.