Security and Privacy Manager
EHE Health · New York, NY · 1 mo ago
On-siteInformation Technology$100k–$140k/yrFull-time
About the role
EHE Health is seeking a talented Security and Privacy Manager to lead and evolve our enterprise cybersecurity and privacy program. The role will reduce risk exposure and strengthen our control environment by advancing compliance and certification efforts, conducting internal audits, risk assessments, and ongoing security analyses.
Responsibilities
- Conduct comprehensive security and privacy audits across networks, systems, applications, platforms, databases, and operational processes in alignment with established audit standards
- Support and perform enterprise risk assessments to evaluate the design and effectiveness of controls across EHE’s technology and business environments
- Manage the third-party risk management program, including due diligence, ongoing monitoring, and enforcement of EHE security and privacy requirements
- Partner with IT and business stakeholders to communicate control requirements, strengthen adoption, and reinforce a robust control environment
- Drive enterprise-wide awareness of cybersecurity and privacy policies through targeted education and engagement initiatives
- Monitor and analyze security event data across computing platforms, networks, and security tools to identify risks, trends, and potential threats
- Develop and deliver regular security metrics, dashboards, and operational reports to inform decision-making and leadership visibility
- Conduct ongoing threat research, including emerging technologies such as artificial intelligence and evolving threat actors, to proactively assess business impact
- Design and implement scalable, measurable, and repeatable security and privacy strategies aligned with organizational objectives
- Lead and manage responses to prospective and existing client security and privacy inquiries, including questionnaires, due diligence requests, and audits
Requirements
- Bachelor’s degree in Information Security, Computer Science, or a related field
- 3–5 years’ experience in information security, cybersecurity, or privacy program operations
- Hands-on experience supporting or operating security and/or privacy programs within ISO27001, ISO27701, SOC2 Type 2 frameworks
- Working knowledge of HIPAA and the HITECH Act, healthcare or regulated industry experience preferred
- Relevant industry certifications (e.g., CISSP, CCSP, CISM) preferred
- Practical experience participating in cybersecurity incident response, either as a respondent or incident manager
- Familiarity with the NIST Cybersecurity Framework (CSF), including its core functions: Govern, Identify, Protect, Detect, Respond and Recover
- Strong written and verbal communication skills, with the ability to clearly convey complex security concepts to both technical and non-technical stakeholders
- Demonstrable experience implementing or auditing identity and access management for on-premise and cloud-based services
- Ability to identify and assess emerging technology risks (e.g. software supply chain and AI)
Qualifications
- Intellectually curious, detail-oriented, and proactive with a collaborative mindset and a bias toward continuous improvement
- Capable of growing within the organization and bringing ambition to support this trajectory
Skills
- Comprehensive security and privacy audits
- Enterprise risk assessments
- Third-party risk management
- Communication with IT and business stakeholders
- Education and engagement initiatives
- Monitoring and analyzing security event data
- Threat research and analysis
- Strategy development and implementation
- Client security and privacy inquiries management
Benefits
- Competitive salary
- Medical, dental, vision, life, and disability insurance
- Employer-matched 401(k) plan
- Professional development reimbursement
- Employee access to wellness clinics
- Gym reimbursement/fitness bonus
Pay
The salary range for this role is $100,000 - $140,000 and is determined by a number of factors including the candidate’s experience, qualifications and skills.
Schedule
Full-time position.