Johnson, Mirmiran & Thompson Inc, Sparks

Lead IT Security Analyst - HIPAA, HITRUST, FISMA

Healthcare
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of experience in IT security or a related field
  • Bachelor's degree in a relevant discipline or equivalent
  • Experience with enterprise risk assessments and regulatory compliance
  • Familiarity with HIPAA, HITRUST, PCI DSS, and FISMA standards
  • Proficiency in evaluating cloud security and hybrid environments

Responsibilities

  • Lead the execution of the enterprise risk assessment program
  • Conduct complex risk assessments aligned with regulatory standards
  • Define and maintain risk assessment methodologies and standards
  • Identify, analyze, document risks, and develop remediation strategies
  • Lead security assessments of cloud and hybrid environments
  • Evaluate control domains like identity management and data protection
  • Provide subject matter expertise and mentorship to team members

Benefits

  • Comprehensive benefits and wellness package
  • Generous time-off program
  • Access to financial security benefits
  • Employee resource groups for peer support
  • Holistic employee wellness program focusing on multiple well-being areas
Full Job Description
Position Summary:
We have an exciting opportunity to join our team as a Lead IT Security Analyst.

This position reports to the IT Controls & Regulatory Compliance Manager and serves as a senior individual contributor and subject matter expert responsible for leading enterprise risk assessments and evaluating the security of modern technology environments, including cloud-based platforms.

The IT Controls Lead drives the design, execution, and continuous improvement of the organizations risk assessment program to ensure compliance with regulatory and industry requirements, including HIPAA, HITRUST, PCI DSS, and FISMA.

This role partners closely with IT, Security, Clinical, Research, and Compliance stakeholders to assess risk across enterprise systems, research technologies, and cloud infrastructure, and to ensure that security controls are appropriately designed and operating effectively.

Job Responsibilities:

Enterprise Risk Assessment Leadership

  • Lead the execution and maturation of the enterprise risk assessment program aligned to regulatory and industry frameworks


  • Conduct and oversee complex risk assessments, including HIPAA and HITRUST-aligned evaluations


  • Define and maintain risk assessment methodologies, scoring models, and standards


  • Identify, analyze, and document risks, and develop actionable remediation strategies


Cloud Security & Technology Risk Evaluation

  • Lead security assessments of cloud and hybrid environments (e.g., IaaS, PaaS, SaaS)


  • Evaluate key control domains, including:


  • Identity and access management


  • Network architecture and segmentation


  • Logging, monitoring, and detection capabilities


  • Data protection and encryption


  • Assess alignment to frameworks such as:


  • HITRUST


  • PCI


  • NIST Cybersecurity Framework


  • ISO/IEC 27001


  • Partner with engineering and security teams to validate that controls are effectively implemented in real-world environments


Research Technology & Clinical Risk Oversight

  • Lead security and risk reviews of research technologies and data use cases, including systems handling sensitive or regulated data


  • Partner with clinical and research stakeholders to evaluate emerging technologies and ensure appropriate risk controls are in place


  • Provide guidance on secure design and data protection strategies


Cross-Functional Leadership & Escalation

  • Serve as a senior escalation point for complex or high-risk assessments across:


  • Enterprise systems

  • Third-party/vendor solutions


  • Cloud and research environments


  • Provide subject matter expertise and mentorship to team members supporting assessments and compliance activities


  • Influence decision-making across stakeholders without direct authority


Regulatory & Audit Support

  • Support internal and external audit activities by providing subject matter expertise, documentation, and control validation


  • Ensure risk assessments and control evaluations align with regulatory expectations and audit requirements


  • Partner with the IT Controls Manager on audit responses and remediation planning


Program Improvement & Innovation

  • Identify opportunities to enhance assessment processes, tooling, and automation


  • Contribute to development of metrics, dashboards, and reporting to measure risk posture and program effectiveness


  • Drive continuous improvement in how risk is identified, assessed, and managed across the enterprise


Minimum Qualifications:
To qualify you must have a Typically requires 10 or more years of experience and BA/BS degree or equivalent

Preferred Qualifications:
Advanced degree desirable

Qualified candidates must be able to effectively communicate with all levels of the organization.

NYU Langone Health provides its staff with far more than just a place to work. Rather, we are an institution you can be proud of, an institution where you'll feel good about devoting your time and your talents.

At NYU Langone Health, we are committed to supporting our workforce and their loved ones with a comprehensive benefits and wellness package. Our offerings provide a robust support system for any stage of life, whether it's developing your career, starting a family, or saving for retirement. The support employees receive goes beyond a standard benefit offering, where employees have access to financial security benefits, a generous time-off program and employee resources groups for peer support. Additionally, all employees have access to our holistic employee wellness program, which focuses on seven key areas of well-being: physical, mental, nutritional, sleep, social, financial, and preventive care. The benefits and wellness package is designed to allow you to focus on what truly matters. Join us and experience the extensive resources and services designed to enhance your overall quality of life for you and your family.

NYU Langone Health provides a salary range to comply with the New York state Law on Salary Transparency in Job Advertisements. The salary range for the role is $121,792.22 - $210,091.64 Annually. Actual salaries depend on a variety of factors, including experience, specialty, education, and hospital need. The salary range or contractual rate listed does not include bonuses/incentive, differential pay or other forms of compensation or benefits.

To view the Pay Transparency Notice, please click here

About Johnson, Mirmiran & Thompson Inc, Sparks

Johnson, Mirmiran & Thompson, Inc. (JMT) is an engineering and architecture firm that provides a range of services, including transportation planning and design, environmental engineering, construction management, and surveying. The company serves clients in the transportation, environmental, and construction industries, as well as government agencies and municipalities. JMT is headquartered in Sparks, Maryland, and has offices throughout the United States. The company was founded in 1971 and has grown to become one of the largest engineering firms in the country. JMT is committed to sustainability and has implemented a number of initiatives to reduce its environmental impact, including the use of renewable energy sources and the implementation of green building practices.
Learn more about Johnson, Mirmiran & Thompson Inc, Sparks
Size
1,500 employees
Industry
Founded
1971

Similar Jobs

More Jobs at Johnson, Mirmiran & Thompson Inc, Sparks

More Healthcare Jobs

Find similar Lead IT Security Analyst - HIPAA, HITRUST, FISMA jobs: