Job Description
The Executive Office of Health and Human Services (EOHHS) is the largest secretariat in state government and is comprised of 11 agencies and the MassHealth program. Our efforts are focused on the health, resilience, and independence of the one in four residents of the Commonwealth we serve. Our public health programs touch every community in the Commonwealth. The Executive Office of Health and Human Services' services directly touch the lives of slightly more than 1 in 4 residents in the Commonwealth - some of our most vulnerable children, youth, adults, and elders. HHS provides access to medical and behavioral health care, substance misuse treatment, long term services and support, and nutritional and financial benefits to those with low incomes. We connect elders and individuals with disabilities with employment opportunities, housing, and supportive services. We steer troubled youth towards a more successful path and do everything possible to keep children in our child welfare system safe. We support individuals who are developmentally disabled, mentally ill, blind, deaf or hard of hearing.
EOHHS is seeking to hire a highly motivated and detail-oriented IT Security Analyst to join the EOHHS Security Team. The IT Security Analyst will be primarily responsible for managing the ongoing review of information systems in the EOHHS environment to determine compliance with EOHHS and Agency security requirements. The incumbent of this role may be called upon to interface with external auditors and/or executive staff to report the Security Office's findings and corrective actions with respect to those reviews. The IT Security Analyst will be responsible for supporting and/or drafting policy and processes for EOHHS and its agencies in furtherance of management of the EOHHS security program.
The primary work location for this role will be 100 Hancock Street, Quincy, Massachusetts 02171. The work schedule for this position is Monday through Friday, 9:00AM to 5:00PM EST.
This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed. Up to 5% travel may be required.
Duties and Responsibilities:
Perform agency application vulnerability assessments and work with constituents to remediate findings.
Perform agency application security and risk assessments through the distribution of assessment materials, conducting meetings, performing interviews, and collecting documentation in furtherance of the assessment.
Participate in the process of risk assessments and risk management planning related to the information security features of agency applications, information technology resources, and related administrative activities.
Clearly and completely document the result of security, vulnerability, and risk assessments in a manner prescribed by the CISO or otherwise consistent with Security Office Practice.
Develop and refine plans of action and milestones or other remediation tracking documents.
Assist in the development, implementation, and coordination of statewide incident response procedures.
Facilitate 3rd party software assessments when requested by constituents.
Ensure EOHHS & EOTSS Policy and Standards are implemented within the Secretariat.
Provide requested data points to EOHHS CISO in a timely manner.
Participate and assist in the maintenance of a system that fosters global security policies, procedures, standards, guidelines, and practices that are compliant with related law, regulation, policy, and professional standards and which ensure ongoing maintenance of information security.
Access data for analysis using business intelligence tools and create reports and visualizations of data.
Provide support by gathering data and performing issue analysis.
Translate data and insights into actionable and relevant recommendations by utilizing visualization and/or data analysis tools, presentations, and other means to effectively communicate clear and concise conclusions.
Conduct analysis on business operations and identify opportunities for process and/or system improvements.
Create and maintain knowledge resources and materials in conjunction with stakeholders.
Create documentation, including but not limited to workflows, guidelines, processes, and procedures.
Document business processes, system flows, and data flows; analyze processes; and recommend improvements.
Establish and maintain system inventory, classification, and compliance for information security throughout the Agency and Secretariat as requested by the CISO.
Develop rules for and review log monitoring with a view towards identifying and flagging improper behavior in the environment.
Research industry best practice for information security to ensure:
  Policies and procedures are up to date and appropriately reflect such best practices.
  Such best practice methodology is incorporated into the internal assessment and inventory process.
Preferred Knowledge, Skills & Abilities:
Two (2) to three (3) years of experience in Information Security Operations and/or Security Compliance is required. Four (4) plus years is preferred.
Two (2) to three (3) years of experience in Information Systems auditing processes and principles is required. Four (4) plus years is preferred.
Proficient knowledge and understanding of application architecture.
Proficient knowledge and hands-on experience with the following technical skill sets:
  Information systems auditing/assessments.
  Information Security principles.
  Network communications principles, technologies, and systems.
  Network and application protocols.
  Security tools such as SIEM and Vulnerability Management.
  Host security, passwords, UAIDs/GIDS, file permissions, file system integrity, use of security packages.
  Security frameworks such as HIPAA, NIST, ISO, etc.
Possess the ability to work independently with limited supervision and limited direction, and in collaborative team environments.
Excellent analytical, problem-solving, organization, and interpersonal skills.
Strong oral and written communication skills with the ability to communicate at all levels of the organization.
Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint, Access, and Visio).
Prior experience as a business analyst or knowledge of business analyst responsibilities is preferred, but not required.
Prior state government experience is preferred, but not required.
Education and Certifications:
Associate's or Bachelor's Degree in Computer Science, Information Systems, Business Administration or other related field, or equivalent work experience.
Information Security certifications are preferred.
Pre-Offer Process:
A criminal background check will be completed on the recommended candidate as required by the regulations set forth by the Executive Office of Health and Human Services prior to the candidate being hired. For more information, please visit http://www.mass.gov/hhs/cori.
Education, licensure and certifications will be verified in accordance with the Human Resources Division's Hiring Guidelines.
Education and license/certification information provided by the selected candidate(s) is subject to the Massachusetts Public Records Law and may be published on the Commonwealth's website.
If you require assistance with the application/interview process and would like to request an ADA accommodation, please click on the link and complete the ADA Reasonable Accommodation Request Form.
For questions, please contact the Office of Human Resources at 1-800-510-4122 and select option #2.
Qualifications
First consideration will be given to those applicants that apply within the first 14 days.
Minimum Entrance Requirements:
Applicants must have at least (A) five years of full-time, or equivalent part-time, professional experience in electronic data processing, of which (B) at least three years must have been in work in which the major duties included computer systems analysis, or (C) any equivalent combination of the required experience and the substitutions below.
SUBSTITUTIONS:
I. An Associate's degree with a major in the field of data processing or computer programming may be substituted for a maximum of one year of the required (A) experience.
II. A Bachelor's degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.
III. A Graduate degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.
IV. A diploma for completion of a two year full-time, or equivalent part-time, program in a recognized non-degree granting business or vocational/technical school above the high school level with a major in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.
V. An official transcript from a recognized business or vocational/technical school as evidence of completion of a program consisting of at least 650 hours of instruction in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.
VI. Graduation from the data processing course of a recognized vocational/technical high school may be substituted for a maximum of one year of the required (A) experience.
Education toward such a degree or diploma will be prorated on the basis of the proportion of the requirements actually completed.
NOTE: No substitution will be allowed for more than two years of the required (A) experience.
NOTE: No substitution will be allowed for the three years of the required (B) experience.
Special Requirements: None.
Comprehensive Benefits
When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.
Want the specifics? Explore our Employee Benefits and Rewards!
An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.
The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.