Partners HealthCare (PHS) – Somerville, MA
As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.
We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development—and we recognize success at every step.
Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
With guidance from senior members of the team, this individual assists with the Partners HealthCare enterprise-wide information security risk management program through active engagement with business owners including information gathering, risk analysis, and reporting.
The Information Security & Privacy Associate Analyst (ISPAA) is responsible for coordinating and scheduling information security & privacy assessments with business owners, working with team members to conduct assessments and develop remediation plans using evolving business processes and tools, documenting the effort in Archer, and following up with business owners on remediation plans.
Principal Duties and Responsibilities
1. Work with team members to coordinate and perform information system and third-party risk assessments, following a NIST-based methodology.
2. Assist in guiding business owners and end-users on the implementation of solutions that comply with IS security policies and standards.
3. Assist in prioritizing departmental tasks including new risk assessments and cybersecurity variance requests according to departmental processes.
4. With guidance from other team members, document assessments, variances, findings, and remediation plans in Archer.
5. Maintain a current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy and security technologies to ensure adaptation and compliance.
6. Maintain awareness of new technologies and related opportunities for impact on system or application security.
7. Conduct information security research to keep abreast of the latest security issues, testing tools, techniques, and process improvements in support of security event detection and analysis.
8. Use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
9. Local travel to PHS sites.
10. Perform other duties as assigned.
Bachelor’s degree (B.A. / B.S.) or equivalent in computer science, business administration, or equivalent discipline from an accredited college or university required.
1-2 years of experience in IT/IS required.
1-2 years of exposure to information security or information privacy functions.
Knowledge of HIPAA, HITECH, Mass ID Theft regulation 201 CMR 17, and other appropriate information security and information privacy regulatory requirements for healthcare entities a plus.
Knowledge of NIST 800-53, ISO 27K, GDPR, PCI-DSS is desirable.
Legal background is desirable.
Any of the following certifications is a plus:
ITIL, any of the following Information Security Certifications: CISSP, HCISSP, CISM, CISA, CIPP, CIPM, CIPT, CPHIMS, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, GPEN, and PMP
Skills, Abilities and Competencies
1. The candidate for this role must have very strong business and analytical skills to represent the information security & privacy office policies.
2. Outstanding time management and organizational skills required.
3. An ability to work under the required guidelines and deliver on business/project requirements.
4. Ability to work with both team members and staff in a professional manner.
5. Comfortable working in a dynamic environment with multiple work streams, goals, and objectives.
6. Ability to make recommendations to the ISPO leadership team on prioritizing project-related tasks.
7. Excellent written and verbal communication and effective interpersonal skills are critical.
8. Understanding of Windows, Unix/Linux operating systems, security administration, virtualization, and TCP/IP networking.
9. Ability to work independently with minimal supervision.
EEO Statement
Partners HealthCare is an Equal Opportunity Employer & by embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law.
: MA-Somerville-Assembly Row – PHS
Assembly Row – PHS
399 Revolution Drive
: Information Security
: Partners HealthCare (PHS)
Standard Hours : 40
: Day Job
Recruiting Department : PHS Information Systems
: May 24, 2018