Information Security Analyst (Information & Technology Services - ITS)
Boston, MA, United States
Job Description
Under the direction of the Security Officer, the Information Security Analyst (ISA) is responsible for planning and implementing security measures to protect computer systems, networks and data. The Information Security Analyst is expected to stay up to date on the latest intelligence, including hackers' methodologies, in order to anticipate security breaches. The ISA works with state-of-the-art security tools, including but not limited to IDS/IPS, HIPS, anti-virus, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, firewalls, vulnerability scanners, and encryption, in order to support security across the enterprise. Participation in an on-call rotation is required. The ISA will work in a confidential capacity with Technical Services, Director and CIO.
DUTIES
Analyze computing environments to determine vulnerabilities, recommend safeguards to mitigate risk, and perform compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures.
Perform project leadership tasks on select security projects.
Support new security project evaluations.
Provide assistance, guidance, support and remediation of security architectural/technical issues to both the business and internal IT.
Participate in the change control process as an advocate to keep information security integrated and involved in all changes.
Support information security audit information gathering, review and remediation.
Continually review and enhance existing knowledge of the security aspects of common product sets and technologies.
Perform risk assessment on data systems and infrastructure.
Develop and implement an Incident Reporting and Response System to address BPHC security incidents.
Develop and implement an ongoing risk assessment program targeting information security and privacy matters.
Responsible for coordinating, planning and implementing quarterly security testing.
Enforces security policies and procedures by monitoring security profiles and systems.
Reviews security violation reports and investigates possible security exceptions. Updates, maintains and documents security controls.
Develops, implements, and ensures documentation of security standards, procedures, processes, guidelines and policies.
Responsible for planning and implementing end user security training as needed.
Works in a confidential capacity. Operates independently. Uses independent judgment and discretion to make decisions affecting the department and staff as it relates to unit operations/services and BPHC policy. Makes and recommends management and personnel decisions, including but not limited to promotion, transfer and assignment of staff, and imposition of discipline.
Perform other duties as required.
Minimum Qualifications
Minimum requirements: Bachelor's Degree in Computer Science, engineering or related field, or 4-5 years of experience in the information security or information assurance field, is required. Minimum of 2 years of experience developing and administering an information security program. Excellent project management, written and oral communication skills are essential. Ability to work as part of a team is essential.
Strong problem-solving and analytical skills are essential.
Certifications are a plus: CISSP, CISM, CISA, Security+.
Experience with security tools and assessments; familiarity with Windows administration; strong understanding of networking and network protocols; in-depth knowledge of information security risks and counter-measures for Windows, Unix/Linux and SQL platforms; hands-on experience in networking, information systems security, risk assessments, and penetration testing.
Experience in information security compliance, such as PCI and HIPAA/HITECH, is a plus.
Additional Information
City of Boston Residency Required. A Criminal Offenders Records Information request must be completed for this position. However, a record is not an automatic bar to employment but is reviewed in relation to the job applied for. Any position that requires an advanced degree will be subject to education verification. The Boston Public Health Commission is an EEO Employer and all applicants meeting the minimum requirements are eligible to apply.
Shift
35 hours per week; 9AM to 5PM, Monday to Friday