IT Security & Compliance Lead (Healthcare)
-
Administration
Location: 
620 Foster Avenue, Brooklyn, NY 11230
Hours: 
Full Time

Premium Health is looking for outstanding Security & Compliance candidates for our Information Technology department.

Premium Health’s Information Technology (IT) department is based in our Administration office and is responsible for managing and maintaining the entire infrastructure of multiple health practices across Brooklyn. The IT department is a team that is projected to grow as the organization does and is lead by our Chief Digitial Information Officer. We are seeking a hands-on IT Security & Compliance Lead to own and operate the organization’s security, risk, and compliance program across a multi-site ambulatory healthcare environment.

This role is responsible for day-to-day execution of security controls, HIPAA compliance, audit readiness, vendor risk management, and AI governance, ensuring systems and data are protected while enabling efficient clinical and operational workflows.

The role serves as the internal owner of security programexecution, working closely with IT, clinical applications, data, andoperational teams, as well as external partners.  The role will also establish and managepractical AI governance, enabling safe and effective use of emerging AI toolsacross the organization.

This individual will help define and execute a practicalsecurity roadmap to continuously mature the organization’s security controls,operational practices, and risk management capabilities, aligned to healthcareregulatory requirements and industry-standard frameworks such as NIST.

Success in this role requires a balance of operationalexecution, hands-on security administration, cross-functional collaboration,and pragmatic risk management while supporting a rapidly evolving healthcareenvironment.


Time Commitment:

·       40 hours per week (Monday – Friday)

·       Opportunity for remote work for up to 20% of scheduled hours


Responsibilities:

Security Program Ownership& Execution

  • Own and operate the organization’s security program,     ensuring policies, procedures, and controls are consistently implemented
  • Maintain and update security policies, standards, and     procedures
  • Ensure alignment with regulatory and organizational     requirements
  • Support ongoing maturation of the organization’s     security posture and controls framework, including alignment with     industry-standard practices such as NIST
  • Stay current on emerging cybersecurity threats,     vulnerabilities, technologies, AI-related risks, and evolving industry     best practices, proactively identifying opportunities to strengthen the     organization’s security posture and risk management capabilities

 

Security Tooling & ControlAdministration

  • Administer and support security technologies and     operational controls across the environment, including email security,     endpoint protection, identity and access management, MFA, conditional     access, DLP, and firewall/security platforms
  • Configure, tune, monitor, and maintain security     rules, alerts, policies, and protections across Microsoft 365, SaaS,     endpoint, and network security platforms in collaboration with internal IT     teams and external security partners
  • Support email security administration, including     phishing protection, impersonation protection, quarantine management, and     coordination of SPF/DKIM/DMARC-related controls
  • Coordinate and manage phishing simulations, user     remediation, and security awareness follow-up activities
  • Support SaaS application governance and review of     third-party application access, permissions, and security risks
  • Partner with outsourced SOC/EDR providers to     investigate alerts, validate remediation actions, and continuously improve     detection and response capabilities

 

Compliance & AuditReadiness (HIPAA)

  • Lead HIPAA compliance efforts, including risk     assessments and remediation tracking
  • Coordinate internal and external audits, ensuring     documentation and evidence are maintained continuously
  • Monitor compliance with security policies and     regulatory requirements
  • Ensure controls are functioning and documented (not     just defined)

 

Vendor & Third-Party RiskManagement

·        Own vendor security review process

·        Ensure BAAs and security requirements are inplace and tracked

·        Maintain vendor inventory and riskclassification

Identity & AccessManagement

  • Oversee user access controls, including onboarding,     offboarding, and role-based access controls
  • Lead periodic access reviews across key systems
  • Ensure least-privilege access and proper audit trails    

Security Operations &Incident Coordination

  • Serve as the internal point of contact for security     incidents, coordinating response with outsourced SOC/EDR providers
  • Define and maintain incident response processes and     escalation paths
  • Track and ensure follow-up on security alerts and     incidents

 

AI Governance & EmergingTechnology Risk

  • Establish and maintain practical AI governance     guidelines, including acceptable use of tools such as ChatGPT and     Microsoft Copilot
  • Define     guardrails for responsible use of AI, including PHI protection and data     handling
  • Support     evaluation of AI-enabled tools and vendors
  • Partner     with IT and operational teams to enable safe adoption

 

Security Awareness &Training

  • Support security awareness initiatives, including     phishing simulations and staff education
  • Provide guidance on secure use of systems, data, and     AI tools

 

Collaboration & Reporting

  • Partner with IT, Clinical Applications, Data, and     Operations teams to ensure security practices align with workflows and     business needs
  • Provide regular reporting on security posture, risks,     and compliance status to leadership
  • Identify opportunities to improve processes, reduce     risk, and strengthen controls


Requirements:

Qualified candidates must have 5 years of experience, be self-driven and know:

  • 5+ years of experience in IT security, compliance, or     risk management
  • Experience in healthcare or regulated environments     (HIPAA strongly preferred)
  • Experience managing or supporting security programs,     audits, and compliance initiatives
  • Strong understanding of identity and access     management, vendor risk, and security controls
  • Ability to work cross-functionally and translate     security requirements into practical processes
  • Hands-on experience administering or supporting     security technologies and operational controls, including areas such as     identity and access management, endpoint protection, email security,     MFA/conditional access, DLP, or SaaS security administration

Preferred:
  • Experience working with SaaS-heavy environments and     third-party vendors
  • Experience working with Microsoft 365 security     technologies, endpoint protection, email security, SIEM, DLP, conditional     access, or related security platforms
  • Experience developing or supporting security policies     and governance frameworks
  • Familiarity     with NIST, CIS Controls, or similar frameworks
  • Exposure to AI tools and interest in emerging     technology governance


Compensation:

Commensurate with Experience


Benefits:

·       Paid time Off, Medical, Dental and Vision plans, Retirement plans

·       Public Service Loan Forgiveness (PSLF)

Apply Here

Start Application

<- Back to the Careers Page!