
Information Security Risk Analyst at Massachusetts General Hospital
Somerville, MA
About the Job
Description
Information Security Risk Analyst
3106888
About Us:
As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.
We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development—and we recognize success at every step.
Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
· 0-2 years of experience in IT/IS preferred.
· 0-2 years of experience in an information security or information privacy role or experience with security and internet-working devices and software, including some experience with large mission-critical networks is preferred.
· Awareness or ability to understand HIPAA, HITECH, Mass ID Theft regulation 201 CMR 17, and other appropriate information security and information privacy regulatory requirements for healthcare entities.
PHS Assembly Row
02145
Information Security
General Summary
The ideal candidate for the role of a PHS Information Security and Privacy Associate Analyst must have a genuine and proactive desire to learn how to implement, administer and evolve an effective information security and privacy program at the enterprise level. Individuals must be able to learn quickly, produce high-quality written documentation within established timelines, and apply critical analytic thinking across the diverse field of information security and privacy.
The PHS Information Security and Privacy Associate Analyst is responsible for engaging in Partners Healthcare Business and Technology initiatives that impact all Partners Healthcare Entities, Employees, and Agents and have a known or unknown security component.
The PHS Information Security Associate Analyst will provide significant application administration support to the Enterprise Governance Risk and Compliance Platform (GRC), Archer, in addition to working with committees, leadership and staff throughout institution(s) and Partners Healthcare System (PHS) to understand the business and operational objectives in order to identify and support security related needs.
Participates in the development and implementation of the PHS IS Information Security program in a manner that fulfills the mission and strategic goals of the program while complying with state and federal laws and accreditation standards related to Risk Management; collaborating with site and PHS Information Security, Privacy and Compliance as required.
Maintains up-to-date knowledge of, and expertise in, the administration and management of PHS- and site-based information security programs and assists Information Security Officers in these initiatives.
Principal Duties and Responsibilities
Indicate key areas of responsibility, major job duties, special projects and key objectives for this position. These items should be evaluated throughout the year and included in the written annual evaluation.
1. Develop an understanding of Partners business applications, information security concepts and practice, and information privacy service delivery and service management offerings.
2. Assist in gathering and documenting requirements from business unit representatives and work with the Security & Privacy Operations and Security Engineering teams to ensure Partners business needs are being met with regards to alerts, reports, and overall security & privacy monitoring.
3. Support Information Security Officers in project and site initiatives as needed.
4. Participates in the development of PHS Information Security Policies and in the formulation of local procedures and practices to ensure compliance (standards, guidelines).
5. Become proficient in supporting the Enterprise Governance, Risk and Compliance (GRC) Tool
6. Provide primary support for intake and triage of Information Security and Privacy office service tickets
7. Provide meeting facilitation and support for ISPO projects based on need and prioritization
8. Gather, document and validate business and technical requirements
9. Assist Information System (IS) incident handling to facilitate closure at PHS and at institution level where necessary
10. Administers tracking, auditing, and response to device security, including safe and secure hardware and media disposal for PHS facilities, consistent with PHS policies
11. Support continuous information security & privacy process improvement efforts associated with the effective and efficient application of information security & privacy tools
12. Assist business users, project managers and IS leadership in optimizing the scope, benefits and information security & privacy risk management of proposed projects and initiatives; and help manage expectations of users and management
13. Create, review, and update documentation related to the information security and information privacy controls
14. Facilitate and/or attend meetings as required in order to accomplish work goals and objectives
15. Prepare reports by collecting, analyzing, and summarizing information
16. Use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
Bachelor’s degree* (B.A. / B.S.) in computer science, business administration, or equivalent discipline from an accredited college or university required.
* Bachelor's degree from a four-year accredited college/university may be substituted.
* Any of the following certifications is a plus:
PMP, ITIL, or any of the following Information Security Certifications: CISSP, HCISSP, CISM, CISA, CIPP, CIPM, CIPT, CPHIMS, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, GPEN, and PMP
Skills/ Abilities/ Competencies
1. Genuine and proactive interest in information security and privacy concepts
2. Strong business and analytical skills to identify, write and negotiate business and technical requirements gathering
3. Outstanding time management and organizational skills required
4. Excellent written and verbal communication skills, effective interpersonal skills, strong formal presentation abilities and good leadership skills
5. Ability to interpret business objectives into functional information security & privacy activities that deliver against the risk management objectives
6. Some understanding of change management and ability to work under the required guidelines and deliver on business/project requirements
7. Ability to deal sensitively and effectively at all levels of the organization including both technical & non-technical, management, and senior leadership
8. Comfortable working in a dynamic environment with multiple work streams, goals, and objectives
9. High level critical thinking and strategic planning skills; ability to prioritize assignments
10. Ability to work independently with minimal supervision
Partners HealthCare is an Equal Opportunity Employer & by embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law.