As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women's Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.
We're focused on a people-first culture for our system's patients and our professional family. That's why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees' personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development, and we recognize success at every step.
Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
Under the direction of the Partners HealthCare Chief Information Security and Privacy Officer, the incumbent provides leadership to all aspects of the information security program at Newton Wellesley Hospital (NWH) and Partners HealthCare System (PHS). The Information Security Analyst 2 works closely with the NWH Information Officer, the NWH Privacy Officer, and various hospital committees to identify security-related needs such as policy development and compliance, education and training efforts, and risk assessment and breach mitigation strategies in order to most effectively safeguard NWH and PHS information assets.
Principal Duties and Responsibilities
* Facilitates the implementation of the Partners HealthCare system-wide information security program at NWH and PHS.
* Provides for training on IS security for various committees, departments and disciplines.
* Participates in IS risk management activity at NWH, including the identification of application and vendor risks, and appropriate mitigation activity. Presents findings and recommendations related to risk assessments to hospital leadership.
* Participates in the selection and deployment of Partners system-wide security technologies, vendors and related controls.
* Collaborates with NWH Health Information Management, Police and Security, and Partners' Information Security teams to investigate information security incidents, and reports on such incidents to NWH and PHS leadership.
* Works with clinical and administrative departments to achieve compliance with governmental regulations (HIPAA security standards, MA 201 CMR 17.00, etc.) and hospital policies for protecting individually identifiable health information that is transmitted or stored electronically.
* Maintains security documentation as required for outside regulatory agencies (Joint Commission, Office of Civil Rights, Department of Public Health, etc.).
* Communicates closely with NWH leadership committees regarding the system-wide information security program.
* Represents NWH on the Partners HealthCare Information Security Operating Committee, participating in Committee subgroups and security-related initiatives.
* Works closely with the NWH Privacy Office on implementing system-wide information security policies and standards at NWH.
* Advises on security requirements for all technology initiatives managed and/or supported by the NWH Chief Information Officer and his/her staff.
* Participates in ongoing privacy and security compliance activity directed by the NWH Privacy Officer.
* Collaborates with other units in the Partners HealthCare Information Security and Privacy Department as necessary.
* Monitors and assures that policies and procedures related to accuracy, integrity, confidentiality and security are adhered to by hospital staff during implementation and maintenance of information systems.
* Keeps abreast of the latest security-related technology, practices and applicable information security regulations.
* Participates in the PCI Compliance activity relating to NWH, including documentation, facilitation and remediation work as required.
* Occasional after hours and weekend work to perform tasks that cannot be done during business hours.
* Use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
* Performs other duties as assigned
* Bachelor's degree in computer science or related field required.
* 5 years of progressively responsible experience in an information security or technology field.
* Knowledge and experience with information security in healthcare a plus.
* Any relevant information security, privacy and process certification(s), e.g. CISSP, SSCP, CISSLP, CISM, CISA, GCIH, ITIL, PMP and PCIP. At least one security-related qualification is required.
* Familiarity with ITIL, ISO 27002, NIST Special Publications, and related standards and frameworks.
* Knowledge of or experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems.
* Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status.
* Knowledge of information systems technology, products, services, and customers.
* Excellent analytic and reasoning skills, particularly in solving difficult problems.
* Ability to assume high levels of responsibility and to work with a minimum of day-to-day supervision.
* Excellent interpersonal skills to effectively communicate with technical teams, cross-functional teams, and staff at all levels of the organization including both technical and non-technical personnel
* Ability to successfully negotiate and collaborate with others of different skill sets, backgrounds and levels within and external to the organization
* Demonstrated strong commitment to customer service and teamwork.
* Excellent written and verbal communication skills
* Excellent time management skills and the ability to multitask
* Demonstrated ability to define services and build documentation and training material
* Exceptional customer service and relationship management skills.
* Proven project management skills
* Excellent presentation skills, with the ability to effectively communicate with all levels of management
* Knowledge of HIPAA Security Rule, and other healthcare information security regulatory requirements.
About Partners HealthCare
Partners HealthCare is a not-for-profit health care system that is committed to patient care, research, teaching, and service.