Position Summary
The Information Security Analyst (ISA) will collaborate with Boston Medical Center Health System's (BMCHS) various internal and external business units to build relationships and foster a culture that considers information security. The ISA directs, coordinates, plans, and organizes information security activities throughout the hospital or health plan, while acting as the focal point for all information security communications. The ISA is responsible for implementing the controls needed to protect both BMCHS information and information entrusted to Clearway Health by third parties.
The ISA is responsible for planning, coordinating and implementing the Clearway Health information security program. The ISA will lead or participate in the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to protect the confidentiality, integrity and availability of information and to prevent, detect, contain, and correct information security breaches by aligning information security standards and compliance with statutory and regulatory requirements.
The ISA also monitors security and privacy trends and coordinates with Boston Medical Center (hospital or health plan) risk management, legal, human resources, Health Information Management, and compliance departments to keep abreast of relevant laws and legislation (locally and nationally) to ensure that the security and privacy programs are updated when appropriate to maintain ongoing compliance.
Position: Information Security Analyst
Department: Clearway Health
Schedule: Full-Time, Remote
Essential Responsibilities / Duties
- Responsible for Information Security Program (ISP) development and implementation
- Identify protection goals, objectives and metrics consistent with the organization's strategic plan
- Incident response program development
- Security awareness program development
- Business continuity and disaster recovery program development
- Determine the acceptable level of information security risk in conjunction with senior management. Advise management on information security risks and appropriate course of action.
- Conduct threat and vulnerability assessments to properly analyze the risks to information security and determine appropriate measures to effectively manage those risks
- Work with management to prioritize security initiatives and spending based on appropriate risk management methodology
- Manage the investigation of security breaches or potential breaches and assist with disciplinary and legal matters associated with such breaches
- Work with outside consultants as appropriate for independent security audits
- Participate in the evaluation, selection and implementation of security products and technologies
- Develop enterprise education and communication plans.
- Maintain deep knowledge of legal requirements and market standards of information security.
(The above statements in this job description are intended to depict the general nature and level of work assigned to the employee(s) in this job. The above is not intended to represent an exhaustive list of accountable duties and responsibilities required).
JOB REQUIREMENTS
Education
- Master's degree in a related field or the professional certifications Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Auditor (CISA) is highly desirable.
Certificates, Licenses, Registrations Required
- Professional certifications of Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) are highly desirable.
Experience
- Seven plus years of experience in a large (over 2,000 users) Information Technologies department. Large Healthcare IT Enterprise experience is preferred.
Knowledge And Skills
- Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
- Must have a solid understanding of information technology and information security.
- Strong verbal and written communication skills.
- Ability to articulate highly technical information into real-world business impact at a senior management level and, conversely, ability to translate senior management business initiatives into actionable technical designs.
- Must understand the unique requirements of security in a healthcare setting.
Req id: 25960