Information Security Analyst (Information & Technology Services - ITS) - Boston Public Health Commission
Boston, MA 02118
About the Job
Under the direction of the Security Officer, the Information Security Analyst (ISA) is responsible for planning and implementing security measures to protect computer systems, networks and data. The ISA is expected to stay up-to-date on the latest intelligence, including hackers' methodologies, in order to anticipate security breaches. The ISA works with state-of-the-art security tools, including but not limited to IDS/IPS, HIPS, anti-virus and malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, firewalls, vulnerability scanners, and encryption, in order to support security across the enterprise. Participation in an on-call rotation is required. The ISA will work in a confidential capacity with Technical Services, Director and CIO.
DUTIES
* Analyze computing environments to determine vulnerabilities, recommend safeguards to mitigate risk, and perform compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures.
* Perform project leadership tasks on select security projects.
* Support new security project evaluations.
* Provide assistance, guidance, support & remediation of security architectural/technical issues to both the business and internal IT.
* Participate in the change control process as an advocate to keep information security integrated & involved in all changes.
* Support information security audit information gathering, review & remediation.
* Continually review and enhance existing knowledge of the security aspects of common product sets and technologies.
* Perform risk assessment on data systems and infrastructure.
* Develop and implement an Incident Reporting and Response System to address BPHC security incidents.
* Develop and implement an ongoing risk assessment program targeting information security and privacy matters.
* Responsible for coordinating, planning and implementing quarterly security testing.
* Enforces security policies and procedures by monitoring security profiles and systems.
* Reviews security violation reports and investigates possible security exceptions. Updates, maintains and documents security controls.
* Develops, implements, and ensures documentation of security standards, procedures, processes, guidelines and policies.
* Responsible for planning and implementing end-user security training as needed.
* Works in a confidential capacity. Operates independently. Uses independent judgment and discretion to make decisions affecting the department and staff as it relates to unit operations/services and BPHC policy. Makes and recommends management and personnel decisions, including but not limited to promotion, transfer and assignment of staff, and imposition of discipline.
* Perform other duties as required.
MINIMUM REQUIREMENTS
* Bachelor's Degree in Computer Science, engineering or related field, or 4-5 years' experience in the information security or information assurance field, is required. Minimum of 2 years' experience developing and administering an information security program. Excellent project management, written and oral communication skills are essential. Ability to work as part of a team is essential.
* Strong problem-solving and analytical skills are essential.
* Certifications are a plus: CISSP, CISM, CISA, Security.
* Experience with security tools and assessments; familiarity with Windows administration; strong understanding of networking and network protocols; in-depth knowledge of information security risks and counter-measures for Windows, Unix/Linux and SQL platforms; hands-on experience in networking, information systems security, risk assessments, and penetration testing.
* Experience in information security compliance, such as PCI and HIPAA/HITECH, is a plus.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Source: Boston Public Health Commission