IT Security Analyst - ( 22000BUG )
Description
The Massachusetts Executive Office of Health and Human Services (EOHHS) is the largest secretariat in MA state government, comprised of 16 agencies with over 20,000 employees statewide. EOHHS services directly touch the lives of slightly more than 1 in 4 residents in the Commonwealth – some of our most vulnerable children, youth, adults, and elders. EOHHS provides access to medical and behavioral health care, substance misuse treatment, long term services and support, and nutritional and financial benefits to those with low incomes. We connect elders, individuals with disabilities, and veterans with employment opportunities, housing, and supportive services. We steer troubled youth towards a more successful path and do everything possible to keep children in our child welfare system safe. We support individuals who are developmentally disabled, mentally ill, blind, deaf, or hard of hearing.
EOHHS is seeking to hire a highly motivated and detail-oriented IT Security Analyst. As a member of the EOHHS Security Team, the IT Security Analyst will be primarily responsible for managing the ongoing review of information systems in the EOHHS environment to determine compliance with EOHHS and Agency security requirements. As a corollary to that work, the incumbent of this role may be called upon to interface with external auditors and/or executive staff to report the Security Office’s findings and corrective actions with respect to those reviews. This individual will also be responsible for supporting and/or drafting policy and processes for EOHHS and its Agencies in furtherance of management of the EOHHS security program.
The primary work location for this role will be at 100 Hancock Street Quincy, Massachusetts 02171. The work schedule for this position is Monday thru Friday, 9:00AM to 5:00PM.
Up to 5% travel may be required. This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed.
Responsibilities
- Perform agency application vulnerability assessments and work with constituents to remediate findings.
- Perform agency application security and risk assessments through the distribution of assessment materials, conducting meetings, performing interviews, and collecting documentation in furtherance of the assessment.
- Participate in the process of risk assessments and risk management planning related to the information security features of agency applications, information technology resources and related administrative activities.
- Clearly and completely document the result of security, vulnerability, and risk assessments in a manner prescribed by the CISO or otherwise consistent with Security Office Practice.
- Develop and refine plans of action and milestones or other remediation tracking documents.
- Assist in the development, implementation, and coordination of statewide incident response procedures.
- Facilitate 3rd party software assessments when requested by constituents.
- Ensure EOHHS & EOTSS Policy and Standards are implemented within the Secretariat.
- Provide requested data points to EOHHS CISO in a timely manner.
- Participate and assist in the maintenance of a system that fosters global security policies, procedures, standards, guidelines, and practices that are compliant with related law, regulation, policy, and professional standards and which ensure ongoing maintenance of information security.
- Establish and maintain system inventory, classification, and compliance for information security throughout the Agency and Secretariat as requested by the CISO.
- Develop rules for and review log monitoring with a view towards identifying and flagging improper behavior in the environment.
- Research industry best practice for information security to ensure:
  - Policies and procedures are up to date and appropriately reflect such best practices.
  - Such best practice methodology is incorporated into the internal assessment and inventory process.
- Manage the creation of any documentation to facilitate the above duties.
Preferred Knowledge, Skills & Abilities
- Two (2) to three (3) years of experience in Information Security Operations and/or Security Compliance is required. Four (4) plus years is preferred.
- Two (2) to three (3) years of experience in Information Systems auditing processes and principles is required. Four (4) plus years is preferred.
- Proficient knowledge and understanding of application architecture.
- Proficient knowledge and hands-on experience with the following technical skill sets:
  - Information systems auditing/assessments.
  - Information Security principles.
  - Network communications principles, technologies, and systems.
  - Network and application protocols.
  - Security tools such as SIEM and Vulnerability Management.
  - Host security, passwords, UAIDs/GIDS, file permissions, file system integrity, use of security packages.
- Demonstrated ability to think critically.
- Demonstrated detail-oriented self-starter with the ability to work independently with limited supervision and limited direction, and in collaborative team environments.
- Knowledge of various security frameworks such as HIPAA, NIST, ISO, etc.
- Excellent analytical, problem-solving, and interpersonal skills.
- Strong oral and written communication skills with the ability to communicate at all levels of the organization.
- Superior organizational skills, self-driven with attention to detail and follow-through on tasks.
- Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint, Access, and Visio).
- Prior state government experience is desirable.
Education And Certifications
- Associate's or Bachelor’s Degree in Computer Science, Information Systems, Business Administration or other related field, or equivalent work experience.
- Information Security certifications are preferred.
Qualifications
First consideration will be given to those applicants that apply within the first 14 days.
Minimum Entrance Requirements
Applicants must have at least (A) five years of full-time, or equivalent part-time, professional experience in electronic data processing, of which (B) at least three years must have been in work in which the major duties included computer systems analysis, or (C) any equivalent combination of the required experience and the substitutions below.
Substitutions
I. An Associate's degree with a major in the field of data processing or computer programming may be substituted for a maximum of one year of the required (A) experience.*
II. A Bachelor's degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.*
III. A Graduate degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.*
IV. A diploma for completion of a two year full-time, or equivalent part-time, program in a recognized non-degree granting business or vocational/technical school above the high school level with a major in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.*
V. An official transcript from a recognized business or vocational/technical school as evidence of completion of a program consisting of at least 650 hours of instruction in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.*
VI. Graduation from the data processing course of a recognized vocational/technical high school may be substituted for a maximum of one year of the required (A) experience.
* Education toward such a degree or diploma will be prorated on the basis of the proportion of the requirements actually completed.
NOTE: No substitution will be allowed for more than two years of the required (A) experience.
NOTE: No substitution will be allowed for the three years of the required (B) experience.
Special Requirements: None.
Comprehensive Benefits
When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.
Want the specifics? Explore our Employee Benefits and Rewards!
Executive Order #595: As a condition of employment, successful applicants will be required to have received COVID-19 vaccination or an approved exemption as of their start date. Details relating to demonstrating compliance with this requirement will be provided to applicants selected for employment. Applicants who receive an offer of employment who can provide documentation that the vaccine is medically contraindicated or who object to vaccination due to a sincerely held religious belief may make a request for exemption.
An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.
The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.
Official Title : Edp Systems Analyst IV
Primary Location : United States-Massachusetts-Quincy - 100 Hancock Street
Job : Information Systems and Technology
Agency : Exec Office Of Health and Human Services
Schedule : Full-time
Shift : Day
Job Posting : Nov 17, 2022, 5:17:23 PM
Number of Openings : 2
Salary : 74,658.74 - 107,692.78 Yearly
If you have Diversity, Affirmative Action or Equal Employment Opportunity questions or need a Reasonable Accommodation, please contact Diversity Officer / ADA Coordinator : Johny Laine (Johny.Laine@mass.gov) - 6173485067
Bargaining Unit : 06-NAGE - Professional Admin.
Confidential : No
Hybrid Work Eligible : Yes