As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women's Hospital and Massachusetts General Hospital, Mass General Brigham supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.
We're focused on a people-first culture for our system's patients and our professional family. That's why we provide our employees with more ways to achieve their potential. Mass General Brigham is committed to aligning our employees' personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development, and we recognize success at every step.
Our employees use the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
General Summary/Overview Statement
With guidance from the Cyber Security Risk Manager, assists with the Partners HealthCare enterprise-wide information security risk assessment program through active engagement with business owners including information gathering, risk analysis, and reporting. This is considered a mid-level position within the Risk Assessment Unit.
Principal Duties and Responsibilities
Coordinates and performs information system and third-party risk assessments, following a NIST-based methodology.
Works collaboratively with the Security Architects and the Security Engineering unit to help define the controls necessary to close identified gaps.
Works closely with IS management, business owners, end-users, and developers to implement risk identification and mitigation strategies and solutions that comply with IS security policies and standards.
Assists with the implementation of GRC technologies, including the implementation of automated risk assessment practices.
Implements risk assessment methods and approaches to increase compliance with documented policies and standards. Tracks progress against agreed-upon plans to verify completion of remedial activities as needed.
Assists in developing report templates, creating formal risk assessment process documents, and delivering formal risk assessment reports to all levels of the business.
Coordinates with other functional units in the Partners HealthCare Information Security and Privacy Department in relation to application security testing and vulnerability management.
Advises on information security issues related to specific systems and supporting workflows.
Provides appropriate and timely problem identification, reporting, and escalation with recommended resolutions to IS Security leadership.
Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information privacy and security technologies to ensure adaptation and compliance.
Maintains awareness of new technologies and related opportunities for impact on system or application security.
Conducts information security research to keep abreast of the latest security issues, testing tools, techniques, and process improvements in support of security event detection and analysis.
Researches and advises on documented architectures and frameworks that describe and are used to manage and improve the technical security environment.
Uses the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
Performs other duties as assigned.
Bachelor's degree in a technical field, or equivalent combination of education and experience.
Minimum of 5 years related experience, including:
3-5 years of information system security experience, preferably in a health care environment, including a solid background in various technology areas such as networking, distributed applications, systems software, firewalls, and database management.
Strong technical background; understanding of security architecture, networking, and system security controls.
Previous/current experience working with tools and products such as firewalls, IDS/IPS, vulnerability scanning tools, penetration testing, system hardening, authentication, wireless tools, etc.
3 years of project management experience using established methodologies and tools.
1-3 years of experience with risk assessment and compliance monitoring.
Experience with HIPAA, HITECH, and the NIST 800-53/30 and FIPS series publications
Prior security consulting experience preferred, but not mandatory
Security certifications strongly preferred, such as CISSP, CISA, SANS certifications and CRISC
Ability to communicate effectively with individuals and groups at various professional levels (e.g., physicians and other care providers, managers, and staff) in order to accomplish goals and objectives while maintaining good professional working relationships.
Ability to exhibit critical and "systems" thinking.
Ability to apply, analyze, interpret, and present data and findings that represent work performed for operational and strategic decision-making.
Ability to present information clearly, concisely, accurately and in a manner that promotes understanding
Energetic, positive and has a "can do" attitude
Understand the work environment and competing priorities while developing and meeting defined goals and objectives.
Function as both an individual contributor and a team player within Health Information Systems and the Partners HealthCare organization at large, with the ability to be versatile, adaptable, and effective within a complex, multi-site environment.
Provide quality customer service and serve as an exemplary representative of Partners Information Systems.
Understand the flow of data through a complex architecture (networking, systems and database)
Strong written and verbal communication skills
Strong PC skills including Microsoft Office Suite
Strong organizational, multi-tasking, analytical and problem-solving skills
Strong project management and process improvement implementation skills
Mass General Brigham is an Equal Opportunity Employer. By embracing diverse skills, perspectives, and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law.