Secretariat Security Analyst Commonwealth Of Massachusetts
Quincy, MA

Job Description

The Executive Office of Health and Human Services (EHS) is the largest secretariat in MA state government and is comprised of 12 agencies, in addition to 2 soldiers' homes and the MassHealth program. EHS services directly touch the lives of slightly more than 1 in 4 residents in the Commonwealth - some of our most vulnerable children, youth, adults, and elders. EHS provides access to medical and behavioral health care, substance misuse treatment, long term services and support, and nutritional and financial benefits to those with low incomes. We connect elders, individuals with disabilities, and veterans with employment opportunities, housing, and supportive services. We steer troubled youth towards a more successful path and do everything possible to keep children in our child welfare system safe. We support individuals who are developmentally disabled, mentally ill, blind, deaf or hard of hearing.

This position is intended to primarily be that of an internal assessment specialist who manages the ongoing review of information systems in the EOHHS environment to determine compliance with EOHHS and Agency security requirements. As a corollary to that work, the Secretariat Security Analyst may be called upon to interface with external auditors to report the Security Office's findings and corrective actions with respect to those reviews. Secondarily, the position will occasionally require supporting and/or drafting policy and processes for EOHHS and its Agencies in furtherance of management of the EOHHS security program.

Responsibilities

* Must possess training and experience required to administer the information security functions of the Secretariat


* Ensures EOHHS Policy and Standards are implemented within the Secretariat


* Works under the direction of the EOHHS CSO provide security guidance


* Provides requested data points to EOHHS CSO in a timely manner


* Participates and reviews (not coordinates, executes, aggregates) audits, assists in the development of POAMs, and provides recommendations


* Participates and assists in the maintenance of a system that fosters global security policies, procedures, standards, guidelines and practices that are compliant with related law, regulation, policy, and professional standards and which ensure ongoing maintenance of information security


* Participates in the process of risk assessments and risk management planning related to the information security features of systems, networks, information technology resources and related administrative activities.


* Assist in the investigation of security breaches, and the disciplinary or legal matters associated with such breaches as determined by the CSO


* Participate in independent security audits and work with outside consultants as appropriate


* Liaise with the CTO team for security questions and information security recommendations based on best practices


* Assist in the development, implementation and coordination of statewide incident response procedures.


* Establish and maintain system inventory, classification, and compliance for information security throughout the Agency and Secretariat as requested by the CSO


* Performs security and risk assessments through the distribution of assessment materials, conducting meetings, performing interviews, and collecting documentation in furtherance of the assessment


* Clearly and completely document the result of security and risk assessments in a manner prescribed by the CSO or otherwise consistent with Security Office Practice


* Researches industry best practice for information security to ensure: 1) policies and procedures are up to date and appropriately reflect such best practices and 2) such best practice methodology is incorporated into the internal assessment and inventory process


* Manages the creation of any documentation to facilitate the above duties


* Works with Agency and Secretariat staff necessary to accomplish the above duties


* Works with Agency and Secretariat staff for second and third level InTempo support



Qualifications

* Demonstrated ability to write and communicate in an intelligible and professional manner


* Demonstrated ability to think critically


* Demonstrated ability to work independently and, in doing so, appropriately manage a significant assessment workload



Qualifications Acquired on the job

* Competence in various security frameworks including HIPAA and NIST


* Competence in performing audits and assessments


* Competence in the development or policy, process, and procedure


* Competence in EOHHS and its Agencies' security operations



Total Compensation:

As an employee of the Commonwealth of Massachusetts you are offered a great career opportunity influencing a wide-spectrum of services to the diverse populations we serve - but it's more than a paycheck. The State's total compensation package features an outstanding set of employee benefits which you should consider towards your overall compensation, including:

* 75% state paid medical insurance premium
* Reasonable Dental and Vision Plans
* Flexible Spending Account and Dependent Care Assistance programs
* Low cost basic and optional life insurance
* Retirement Savings: State Employees' Pension and a Deferred Compensation 457(b) plan
* 11 paid holidays per year and competitive Sick, Vacation and Personal Time
* Tuition Benefit for employee and spouse at state colleges and universities
* Long-Term Disability and Extended Illness program participation options
* Incentive-based Wellness Programs
* Professional Development and Continuing Education opportunities
* Qualified Employer for Public Service Student Loan Forgiveness Program

Pre-Hire Process:

A criminal background check will be completed on the recommended candidate as required by the regulations set forth by the Executive Office of Health and Human Services prior to the candidate being hired.

For more information, please visit http://www.mass.gov/hhs/cori and click on "Information for Job Applicants."

Education, licensure and certifications will be verified in accordance with the Human Resources Division's Hiring Guidelines

For questions, please the contact the CYF Office of Human Resources at 1-800-510-4122 and select option #2.

First consideration will be given to those applicants that apply within the first 14 days.

Minimum Entrance Requirements:

Applicants must have at least (A) five years of full-time, or equivalent part-time, professional experience in electronic data processing, of which (B) at least three years must have been in work in which the major duties included computer systems analysis, or (C) any equivalent combination of the required experience and the substitutions below.

SUBSTITUTIONS:

I. An Associate's degree with a major in the field of data processing or computer programming may be substituted for a maximum of one year of the required (A) experience.*

II. A Bachelor's degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.*

III. A Graduate degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.*

IV. A diploma for completion of a two year full-time, or equivalent part-time, program in a recognized non-degree granting business or vocational/technical school above the high school level with a major in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.*

V. An official transcript from a recognized business or vocational/ technical school as evidence of completion of a program consisting of at least 650 hours of instruction in the field of computer programming maybe substituted for a maximum of one year of the required (A) experience.*

VI. Graduation from the data processing course of a recognized vocational/technical high school may be substituted for a maximum of one year of the required (A) experience.

* Education toward such a degree or diploma will be prorated on the basis of the proportion of the requirements actually completed.

NOTE: No substitution will be allowed for more than two years of the required (A) experience.

NOTE: No substitution will be allowed for the three years of the required (B) experience.

Special Requirements: None.

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.