What are the responsibilities and job description for the IT Security & Compliance Lead (Healthcare) position at Premium Health Center?
Administration
Location:
620 Foster Avenue, Brooklyn, NY 11230
Hours
Full Time
Premium Health is looking for outstanding Security & Compliance candidates for our Information Technology department.
Premium Health’s Information Technology (IT) department is based in our Administration office and is responsible for managing and maintaining the entire infrastructure of multiple health practices across Brooklyn. The IT department is a team that is projected to grow as the organization does and is lead by our Chief Digitial Information Officer. We are seeking a hands-on IT Security & Compliance Lead to own and operate the organization’s security, risk, and compliance program across a multi-site ambulatory healthcare environment.
This role is responsible for day-to-day execution of security controls, HIPAA compliance, audit readiness, vendor risk management, and AI governance, ensuring systems and data are protected while enabling efficient clinical and operational workflows.
The role serves as the internal owner of security programexecution, working closely with IT, clinical applications, data, andoperational teams, as well as external partners. The role will also establish and managepractical AI governance, enabling safe and effective use of emerging AI toolsacross the organization.
This individual will help define and execute a practicalsecurity roadmap to continuously mature the organization’s security controls,operational practices, and risk management capabilities, aligned to healthcareregulatory requirements and industry-standard frameworks such as NIST.
Success in this role requires a balance of operationalexecution, hands-on security administration, cross-functional collaboration,and pragmatic risk management while supporting a rapidly evolving healthcareenvironment.
Time Commitment
Security Program Ownership& Execution
Requirements
Qualified candidates must have 5 years of experience, be self-driven and know:
Preferred
Compensation
Commensurate with Experience
Benefits
Location:
620 Foster Avenue, Brooklyn, NY 11230
Hours
Full Time
Premium Health is looking for outstanding Security & Compliance candidates for our Information Technology department.
Premium Health’s Information Technology (IT) department is based in our Administration office and is responsible for managing and maintaining the entire infrastructure of multiple health practices across Brooklyn. The IT department is a team that is projected to grow as the organization does and is lead by our Chief Digitial Information Officer. We are seeking a hands-on IT Security & Compliance Lead to own and operate the organization’s security, risk, and compliance program across a multi-site ambulatory healthcare environment.
This role is responsible for day-to-day execution of security controls, HIPAA compliance, audit readiness, vendor risk management, and AI governance, ensuring systems and data are protected while enabling efficient clinical and operational workflows.
The role serves as the internal owner of security programexecution, working closely with IT, clinical applications, data, andoperational teams, as well as external partners. The role will also establish and managepractical AI governance, enabling safe and effective use of emerging AI toolsacross the organization.
This individual will help define and execute a practicalsecurity roadmap to continuously mature the organization’s security controls,operational practices, and risk management capabilities, aligned to healthcareregulatory requirements and industry-standard frameworks such as NIST.
Success in this role requires a balance of operationalexecution, hands-on security administration, cross-functional collaboration,and pragmatic risk management while supporting a rapidly evolving healthcareenvironment.
Time Commitment
- 40 hours per week (Monday – Friday)
- Opportunity for remote work for up to 20% of scheduled hours
Security Program Ownership& Execution
- Own and operate the organization’s security program, ensuring policies, procedures, and controls are consistently implemented
- Maintain and update security policies, standards, and procedures
- Ensure alignment with regulatory and organizational requirements
- Support ongoing maturation of the organization’s security posture and controls framework, including alignment with industry-standard practices such as NIST
- Stay current on emerging cybersecurity threats, vulnerabilities, technologies, AI-related risks, and evolving industry best practices, proactively identifying opportunities to strengthen the organization’s security posture and risk management capabilities
- Administer and support security technologies and operational controls across the environment, including email security, endpoint protection, identity and access management, MFA, conditional access, DLP, and firewall/security platforms
- Configure, tune, monitor, and maintain security rules, alerts, policies, and protections across Microsoft 365, SaaS, endpoint, and network security platforms in collaboration with internal IT teams and external security partners
- Support email security administration, including phishing protection, impersonation protection, quarantine management, and coordination of SPF/DKIM/DMARC-related controls
- Coordinate and manage phishing simulations, user remediation, and security awareness follow-up activities
- Support SaaS application governance and review of third-party application access, permissions, and security risks
- Partner with outsourced SOC/EDR providers to investigate alerts, validate remediation actions, and continuously improve detection and response capabilities
- Lead HIPAA compliance efforts, including risk assessments and remediation tracking
- Coordinate internal and external audits, ensuring documentation and evidence are maintained continuously
- Monitor compliance with security policies and regulatory requirements
- Ensure controls are functioning and documented (not just defined)
- Own vendor security review process
- Ensure BAAs and security requirements are inplace and tracked
- Maintain vendor inventory and riskclassification
- Oversee user access controls, including onboarding, offboarding, and role-based access controls
- Lead periodic access reviews across key systems
- Ensure least-privilege access and proper audit trails
- Serve as the internal point of contact for security incidents, coordinating response with outsourced SOC/EDR providers
- Define and maintain incident response processes and escalation paths
- Track and ensure follow-up on security alerts and incidents
- Establish and maintain practical AI governance guidelines, including acceptable use of tools such as ChatGPT and Microsoft Copilot
- Define guardrails for responsible use of AI, including PHI protection and data handling
- Support evaluation of AI-enabled tools and vendors
- Partner with IT and operational teams to enable safe adoption
- Support security awareness initiatives, including phishing simulations and staff education
- Provide guidance on secure use of systems, data, and AI tools
- Partner with IT, Clinical Applications, Data, and Operations teams to ensure security practices align with workflows and business needs
- Provide regular reporting on security posture, risks, and compliance status to leadership
- Identify opportunities to improve processes, reduce risk, and strengthen controls
Requirements
Qualified candidates must have 5 years of experience, be self-driven and know:
- 5 years of experience in IT security, compliance, or risk management
- Experience in healthcare or regulated environments (HIPAA strongly preferred)
- Experience managing or supporting security programs, audits, and compliance initiatives
- Strong understanding of identity and access management, vendor risk, and security controls
- Ability to work cross-functionally and translate security requirements into practical processes
- Hands-on experience administering or supporting security technologies and operational controls, including areas such as identity and access management, endpoint protection, email security, MFA/conditional access, DLP, or SaaS security administration
Preferred
- Experience working with SaaS-heavy environments and third-party vendors
- Experience working with Microsoft 365 security technologies, endpoint protection, email security, SIEM, DLP, conditional access, or related security platforms
- Experience developing or supporting security policies and governance frameworks
- Familiarity with NIST, CIS Controls, or similar frameworks
- Exposure to AI tools and interest in emerging technology governance
Compensation
Commensurate with Experience
Benefits
- Paid time Off, Medical, Dental and Vision plans, Retirement plans
- Public Service Loan Forgiveness (PSLF)