As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women's Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.
We're focused on a people-first culture for our system's patients and our professional family. That's why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees' personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development, and we recognize success at every step.
Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
The Governance, Risk and Compliance (GRC) Program Specialist will lead the ongoing expansion and operational support of Partners HealthCare's Enterprise GRC system, Archer. The incumbent must be able to integrate quickly into current efforts, produce high quality written documentation within established timelines, and apply critical analytic thinking across the diverse field of information security, privacy and application support.
The PHS GRC Program Specialist is responsible for all aspects of planning and implementation for Partners HealthCare's ongoing efforts to expand the use and support of our Enterprise GRC system, Archer. This system has been in place for several years but is currently undergoing expansion as new use cases and enhanced functionality are identified. The incumbent will be responsible for planning, resourcing and overseeing execution for the day-to-day operational needs and enhancements.
The PHS GRC Program Specialist will provide significant leadership in addressing knowledge gaps and mentorship of junior members of the team to bring the support model into a sustainable and efficient service offering. To this end, the ideal candidate must have a deep and thorough understanding of the Archer platform, best practices and underlying or supporting technologies.
Archer is a key component in supporting the PHS IS Information Security program in a manner that fulfills the mission and strategic goals of the program while complying with state and federal laws and accreditation standards related to Risk Management; collaborating with site and PHS Information Security, Privacy and Compliance as required.
Principal Duties and Responsibilities
Indicate key areas of responsibility, major job duties, special projects and key objectives for this position. These items should be evaluated throughout the year and included in the written annual evaluation.
1. Technical leadership of the below processes:
a. Issue resolution
b. Change implementation
2. Server Maintenance and Patching
3. Maintaining and testing Disaster Recovery Plan for
4. Ensure all incoming requests for Archer enhancements or support are handled in a consistent and timely manner
5. Train or identify appropriate training opportunities for Archer support staff
6. Develop annual program plans with achievable milestones and timelines
7. Provide regular reporting of key performance metrics for the program and application
8. Oversee all Archer based project requests and day to day operational maintenance
9. Develop platform stabilization plan to improve response time and performance
10. Establish business processes where needed to formalize service delivery model
11. Consult on, coordinate and support cross-organizational GRC goals and objectives
12. Coordinate all integrations with other technical platforms
13. Work with identified technical professional service professionals to coordinate major incremental Archer projects
14. Work with Archer Business Analysts to understand and develop business requirements and implement within appropriate business context
* Bachelor's degree in computer science, business administration, or equivalent discipline from an accredited college or university required
* 5 years of experience in IT/IS preferred
* 4 years of experience in an information security or information privacy role with experience in securing cloud, machine learning and big data security and internetworking devices and software, including some experience with large mission-critical networks is preferred
* Knowledge of Windows Server 2012 R2 and SQL Server
* Awareness or ability to understand HIPAA, HITECH, Mass ID Theft regulation 201 CMR 17, and other appropriate information security and information privacy regulatory requirements for healthcare entities
* Archer Certified Consultant required
* Extensive knowledge and experience in the design and development of RSA Archer GRC solutions, and thorough understanding of the business principles for GRC/IRM functions
* Experience in data feeds, data imports, and work flow implementation
* Experience in building/formulating computed fields to support solution implementation.
* Any of the following certifications is a plus:
PMP, ITIL, or any of the following Information Security Certifications: CISSP, HCISSP, CISM, CISA, CIPP, CIPM, CIPT, CPHIMS, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, and GPEN
1. Genuine and proactive interest in information security and privacy concepts
2. Strong business and analytical skills to identify, write and negotiate business and technical requirements gathering
3. Outstanding time management and organizational skills required
4. Excellent written and verbal communication skills, effective interpersonal skills, strong formal presentation abilities and good leadership skills
5. Ability to interpret business objectives into functional information security & privacy activities that deliver against the risk management objectives
6. Some understanding of change management and ability to work under the required guidelines and deliver on business/project requirements
7. Ability to deal sensitively and effectively at all levels of the organization including both technical & non-technical, management, and senior leadership
8. Comfortable working in a dynamic environment with multiple work streams, goals, and objectives
9. High level critical thinking and strategic planning skills; ability to prioritize assignments
10. Ability to work independently with minimal supervision
About Partners Healthcare
Partners HealthCare is a not-for-profit health care system that is committed to patient care, research, teaching, and service.