Information Security Engineer 1

As a notforprofit organization Partners HealthCare is committed to supporting patient care research teaching and service to the community by leading innovation across our system. Founded by Brigham and Womens Hospital and Massachusetts General Hospital Partners HealthCare supports a complete continuum of care including community and specialty hospitals a managed care organization a physician network community health centers home care and other healthrelated entities. Several of our hospitals are teaching affiliates of Harvard Medical School and our system is a national leader in biomedical research.

Were focused on a peoplefirst culture for our systems patients and our professional family. Thats why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal developmentand we recognize success at every step.

Our employees use the Partners HealthCare values to govern decisions actions and behaviors. These values guide how we get our work done: Patients Affordability Accountability & Service Commitment Decisiveness Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion Integrity & Respect Learning Continuous Improvement & Personal Growth Teamwork & Collaboration.

General Overview/Summary

Under the direction of the Partners HealthCare SecEng Team Lead and Corporate Manager for Security Operations responsible for the overall daytoday operation of security tools and services supporting the Partners HealthCare System.

Responsible for configuration and deployment of the services supporting the Information Security program including Application Testing Vulnerability Scanning Privileged Identity Management Data Masking and others. Supports issues escalated from users. Working as part of the team assists with the planning and of new deployments and upgrades. Recommends changes to information systems operating procedures and standards to maximize information security. Documents the associated security services and develops training material.

Will be responsible for project support of several key strategic information technology initiatives for Partners HealthCare and its affiliates. The incumbent will work closely with business committees IT management and crossbusiness process teams to define business needs project approach scope and work plan to meet both system and operational objectives.

Principal Duties and Responsibilities

Responsible for delivery of security services supporting the information security and privacy program.
Configures deploys and maintains security equipment and related applications and platforms throughout PHS.
Develops and documents the services supporting the information security and risk management program safeguarding patients staff facilities and physical information system assets.
Develops and presents information security training and educational material to staff as necessary.
Develops an understanding of current issues in the realm of information security. Subscribes to major industry newsgroups and mailing lists and assess the impact of all emerging issues on systems and practices at Partners.
Monitors security bulletins and alerts from all Partners information system vendors. Evaluates vulnerability impact and formulates and executes risk mitigation plans.
Develops a broad understanding of information security including HIPAA Mass ID Theft regulation 201 CMR 17 PCI ISO27002 NIST and other information security frameworks and regulations.
Works with regulatory agencies as needed to evaluate and assure regulatory compliance with information security regulations.
Develops supports and maintains the infrastructure centralizing and federating information security reports logs and metrics helping to measure the implementation and success of security services
Uses the Partners HealthCare values to govern decisions actions and behaviors. These values guide how we get our work done: Patients Affordability Accountability & Service Commitment Decisiveness Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion Integrity & Respect Learning Continuous Improvement & Personal Growth Teamwork & Collaboration.
Occasional after hours and weekend work to perform tasks that cannot be done during business hours.
When scheduled to do so carries pager and/or cell phone 24x7.

Bachelors degree (B.A./B.S. or equivalent in CS/MIS/IT or equivalent discipline from an accredited college or university required.
3 years of experience in an information technology role or experience with security and internetworking devices and software.
Any relevant information security privacy and process certification(s) e.g. CISSP SSCP CISSLP CISM CISA GSEC GCIH CEH GPEN GWEB GWAPT ITIL Security PMP or PCIP. At least one security related qualification is preferred.
Knowledge of HIPAA Mass ID Theft regulation 201 CMR 17 PCIDSS and other appropriate information security regulatory requirements for healthcare entities desirable.
Demonstrable technical knowledge for administering and deploying multiple host operating systems including Microsoft Windows Server and Linux.

Skills/Abilities/Competencies Required

Excellent analytical and reasoning skills particularly in solving difficult problems.
Ability to assume high levels of responsibility and to work with a minimum of daytoday supervision.
Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy.
Ability to function as a member of the information security team and to work collaboratively with multiple institutions departments and technical operations staffs across multiple facilities.
Excellent written and verbal communication
Excellent time management skills and the ability to multitask
Demonstrated ability defining services and building documentation and training material
Exceptional customer service and relationship management skills.
Excellent organizational skills.
Knowledge of the following Technologies a plus:
o Web technologies
o Application vulnerability scanning (DAST and SAST)
o Privileged Identity Management systems
o Network protocols with strong emphasis on TCP/IP
o Vulnerability Assessment and Management
o PCI DSS Compliance
o Cloud technologies including SaaS
o Centralized logging and correlation solutions
o Governance Risk and Compliance tools

Working Conditions

Office with some travel in the greater Boston and suburban area.