SR Information Security Analyst
Baystate Health (Springfield, MA)
Summary:
Schedule: Full-time; 40hr; 1st shift; 8a-5p; on-call coverage required.
This position reports to the Director of Information Security Operations and is responsible for working independently to maintain administrative, physical and technical information security safeguards that strengthen our information system posture and better support Baystate's Mission to improve the health of the people in our communities every day, and that support continued progress toward Baystate's Vision of becoming one of the leading health systems in the nation.
The incumbent will help lead incident response investigations, work with teams across the enterprise to enforce security controls, identify opportunities for improvement of security posture through people, process and technology and monitor compliance to policies, laws and regulations. The senior security analyst works with members of the IT division to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.
The incumbent will have a strong working knowledge of security frameworks such as HIPAA, NIST, ISO or other industry standards that are relevant to Baystate Health.
Job Responsibilities:
**1)** Conducts investigations of suspected security and privacy incidents, whether internal or external to Baystate and whether intentional or unintentional, and organizes, documents and reports investigation results within the organization. Coordinates investigations with clinical and administrative departments including Human Resources, client department management, Hospital Security, Corporate Compliance, Access and Guest Service Administration, and others as needed.
**2)** Conducts information system activity reviews: Monitors and tests application and network activity for assurance that systems of controls are in place and effective, and for compliance with BH policies and state and federal regulations. Information system activity reviews should include, but are not limited to: failed logins by administrators and general users, file accesses, security incident tracking reports, unauthorized software, dormant accounts, abandoned sessions, password sharing, data leakage, unauthorized deletion of corporate data, adequacy of auto-logoff and anti-malware configuration, and misuse of administrator accounts, internet access, remote access, personal use of network storage, etc.
**3)** Utilizes system reporting tools such as SIEM, EDR, DLP, etc. to assist in incident response investigations, monitoring security effectiveness and analyzing the output to suggest security improvements.
**4)** Researches new threats and vulnerabilities and mitigating administrative, physical and technical safeguards.
**5)** Identifies, designs and implements information security projects, provides subject matter expertise to other IT department teams and ensures that IT division project plans include appropriate security activities.
**6)** Monitors, assesses and recommends enhancements to Baystate Health's business continuity and recovery programs.
**7)** Reviews and recommends enhancements to security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements, along with processes that enable implementation.
**8)** Conducts risk assessments of Baystate Health information and technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of Baystate's information and technology systems.
**9)** Conducts periodic evaluations of technical and non-technical security safeguards to demonstrate and document compliance with Baystate's security policy and the requirements of the HIPAA Security Rule as required by HIPAA.
**10)** Works with partner health system departments to identify requirements, using methods that may include risk and business impact assessments.
**11)** Works with security leadership to develop strategies and plans to enforce security requirements and address identified risks.
**12)** Advises partner and IT division security administrators on normal and exception-based processing of security authorization requests.
**13)** Assists in the planning and facilitation of penetration testing and vulnerability assessments.
**14)** Recommends security configuration, operations and standards for security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
Required Work Experience:
**1)** Minimum 8 years in an IT Security role; Associate's Degree
Preferred Work Experience:
**1)** Healthcare IT experience preferred
Skills and Competencies:
**1)** Security technologies such as EDR, SIEM, IAM, PAM, WAF, Firewall, email security and Cloud Computing.
**2)** Experience with threat hunting and incident response processes.
Education:
Associate's Degree (Required)
Certifications:
Certified Information Systems Security Professional
Equal Employment Opportunity Employer
Baystate Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, ancestry, age, genetic information, disability, or protected veteran status.