Jobs · Information Technology · New York

Security and Privacy Manager

EHE Health · New York, NY · 1 mo ago
On-siteInformation Technology$100k–$140k/yrFull-time

About the role

EHE Health is seeking a talented Security and Privacy Manager to lead and evolve our enterprise cybersecurity and privacy program. The role will reduce risk exposure and strengthen our control environment by advancing compliance and certification efforts, conducting internal audits, risk assessments, and ongoing security analyses.

Responsibilities

  • Conduct comprehensive security and privacy audits across networks, systems, applications, platforms, databases, and operational processes in alignment with established audit standards
  • Support and perform enterprise risk assessments to evaluate the design and effectiveness of controls across EHE’s technology and business environments
  • Manage the third-party risk management program, including due diligence, ongoing monitoring, and enforcement of EHE security and privacy requirements
  • Partner with IT and business stakeholders to communicate control requirements, strengthen adoption, and reinforce a robust control environment
  • Drive enterprise-wide awareness of cybersecurity and privacy policies through targeted education and engagement initiatives
  • Monitor and analyze security event data across computing platforms, networks, and security tools to identify risks, trends, and potential threats
  • Develop and deliver regular security metrics, dashboards, and operational reports to inform decision-making and leadership visibility
  • Conduct ongoing threat research, including emerging technologies such as artificial intelligence and evolving threat actors, to proactively assess business impact
  • Design and implement scalable, measurable, and repeatable security and privacy strategies aligned with organizational objectives
  • Lead and manage responses to prospective and existing client security and privacy inquiries, including questionnaires, due diligence requests, and audits

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field
  • 3–5 years’ experience in information security, cybersecurity, or privacy program operations
  • Hands-on experience supporting or operating security and/or privacy programs within ISO27001, ISO27701, SOC2 Type 2 frameworks
  • Working knowledge of HIPAA and the HITECH Act, healthcare or regulated industry experience preferred
  • Relevant industry certifications (e.g., CISSP, CCSP, CISM) preferred
  • Practical experience participating in cybersecurity incident response, either as a respondent or incident manager
  • Familiarity with the NIST Cybersecurity Framework (CSF), including its core functions: Govern, Identify, Protect, Detect, Respond and Recover
  • Strong written and verbal communication skills, with the ability to clearly convey complex security concepts to both technical and non-technical stakeholders
  • Demonstrable experience implementing or auditing identity and access management for on-premise and cloud-based services
  • Ability to identify and assess emerging technology risks (e.g. software supply chain and AI)

Qualifications

  • Intellectually curious, detail-oriented, and proactive with a collaborative mindset and a bias toward continuous improvement
  • Capable of growing within the organization and bringing ambition to support this trajectory

Skills

  • Comprehensive security and privacy audits
  • Enterprise risk assessments
  • Third-party risk management
  • Communication with IT and business stakeholders
  • Education and engagement initiatives
  • Monitoring and analyzing security event data
  • Threat research and analysis
  • Strategy development and implementation
  • Client security and privacy inquiries management

Benefits

  • Competitive salary
  • Medical, dental, vision, life, and disability insurance
  • Employer-matched 401(k) plan
  • Professional development reimbursement
  • Employee access to wellness clinics
  • Gym reimbursement/fitness bonus

Pay

The salary range for this role is $100,000 - $140,000 and is determined by a number of factors including the candidate’s experience, qualifications and skills.

Schedule

Full-time position.

Similar jobs

Privacy Manager

BitGoPalo Alto, CA· 2 wk ago
Legal$140k–$165k/yrapply on job-boards.greenhouse.io

Security Manager

Securitas Security Services USA, Inc.Denver, CO· 4 days ago
RemoteManagement$37–$40/hrapply on ekaw.fa.us2.oraclecloud.com

Security Manager

Glenwood Regional Medical CenterWest Monroe, LA· 3 wk ago
Information Technology

Security Manager

ARMADA, Ltd.Falls Church, VA· 3 wk ago
Managementapply on armadausa.isolvedhire.com

Security Manager

SRCChina Lake, CA· 2 wk ago
Information Technology$80k/yrapply on jobs.jobvite.com