InfoSec & Privacy Cloud Engineer Partners Healthcare
Somerville, MA

Job Description

About Us:

As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women's Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.

We're focused on a people-first culture for our system's patients and our professional family. That's why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees' personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development-and we recognize success at every step.

Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration

General Summary:

The ideal candidate for the role of a PHS Information Security and Privacy Cloud Engineer must have a genuine and proactive desire drive best practices for implementing, administering and evolving effective information security and privacy program based initiatives at the Enterprise-level. Individuals must be able to integrate quickly into current efforts, produce high quality written documentation within established timelines, and apply critical analytic thinking across the diverse field of information security and privacy.

The PHS Information Security and Privacy Cloud Analyst is responsible for technical design and implementation of Partners Healthcare Business and Technology cloud-based; Machine Learning and AI and Big Data initiatives that impact all Partners Healthcare Entities, Employees, and Agents to provide support in securing cloud-based implementations.

The PHS Information Security Cloud Engineer will provide significant ownership in developing enterprise-wide configuration guidance, enterprise toolset offerings and implementation support to address immediate risk areas and train new staff as onboarded, in addition to working with committees, leadership and staff throughout institution(s) and Partners Healthcare System (PHS) to understand the business and operational objectives in order to identify and support security related needs.

Participates in the development and implementation of the PHS IS Information Security program in a manner that fulfills the mission and strategic goals of the program while complying with state and federal laws and accreditation standards related to Risk Management; collaborating with site and PHS Information Security, Privacy and Compliance as required.

Maintains up to date knowledge of, and expertise in the administration and management of PHS- and site-base information security program and assists Information Security Officers in these initiatives.

Principal Duties and Responsibilities

1. Manage CASB solution, understand and review cloud solution security controls, design configuration controls, participate in consultation meetings on the adoption and implementation of Cloud, machine learning, AL and Big Data

2. This person is passionate about technology itself while keeping awareness of the need for information to be secure. This person is expected to be the most well versed of the team in technology itself which would include learning about new technologies including mobile devices, wearables and IoTs. This person would assist the rest of the team in understanding any technology in use for specific projects.

3. The ideal person for this position would be passionate about Big Data and how it can be used by multiple technologies including data warehouses and machine learning leading ultimately to projects involving fully implemented artificial intelligence.

4. This person would work closely with the Information Security Analyst due to the amount of data in question and with the Information Security Cloud Specialist, as most of these projects would require high computing power available only through some cloud providers.

Bachelor's degree* (B.A. / B.S.) in computer science, business administration, or equivalent discipline from an accredited college or university required.

* 3-5 years of experience in IT/IS preferred.
* 3-5 years of experience in an information security or information privacy role with experience in securing cloud, machine learning and big data security and internetworking devices and software, including some experience with large mission-critical networks is preferred.
* Awareness or ability to understand HIPAA, HITECH, Mass ID Theft regulation 201 CMR 17, and other appropriate information security and information privacy regulatory requirements for healthcare entities.
* Bachelor's degree from a four-year accredited college/university may be substituted.
* Any of the following certifications is a plus:

PMP, ITIL, or any of the following Information Security Certifications: CISSP, HCISSP, CISM, CISA, CIPP, CIPM, CIPT, CPHIMS, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, GPEN, and PMP

Skills/Abilities/Competencies Required

1. Genuine and proactive interest in information security and privacy concepts

2. Strong business and analytical skills to identify, write and negotiate business and technical requirements gathering

3. Outstanding time management and organizational skills required

4. Excellent written and verbal communication skills, effective interpersonal skills, strong formal presentation abilities and good leadership skills

5. Ability to interpret business objectives into functional information security & privacy activities that deliver against the risk management objectives

6. Some understanding of change management and ability to work under the required guidelines and deliver on business/project requirements

7. Ability to deal sensitively and effectively at all levels of the organization including both technical & non-technical, management, and senior leadership

8. Comfortable working in a dynamic environment with multiple work streams, goals, and objectives

9. High level critical thinking and strategic planning skills; ability to prioritize assignments

10. Ability to work independently with minimal supervision