Cyber Security Analyst

Location: Woburn, MA
Job ID: 143637-1A
Date Posted: Oct 30, 2018

Job Description

Welcome To

Lahey Health Shared Servicesis a vibrant and growing health care system, recognized as a trailblazer in medicine and a standard bearer in patient experience. It includes an award-winning academic medical center, a superb constellation of community hospitals, home care services, rehabilitation facilities and more.

We are committed to attracting, developing and retaining top talent in a market long recognized and revered as a global leader in health. With a team approach to care, we encourage learning and growth at all levels, and we offer competitive salaries and benefits. We adhere to the principles of a just and fair work environment for all colleagues, where respect is foundational and performance is rewarded.

About the Job

The Information Security Analyst is responsible for ensuring the Confidentiality, Availability and Integrity of Lahey's IT systems and information. This position is responsible for performing or assisting with evaluating, recommending, configuring, integrating, supporting and administering all information security operations including application, database, desktop, network, server, remote device, network access and web security. This position will report to the Manager of Information Security Systems.

Essential Duties & Responsibilities including but not limited to:

  • Develops and performs processes to ensure systems and information are secure from unauthorized access, transmission and protected from inappropriate alteration/modification.
  • Develops communication and training programs to educate the Lahey community on security policies, procedures and regulations.
  • Analyzes security operations data, investigates and reports on noted irregularities and advises Chief Information Security Officer on appropriate approaches to secure systems and data. Develops approaches to prevent security breaches, which includes unauthorized access by internal or external staff.
  • Participates in operating system, database, application and network vulnerability assessments using Certified Ethical Hacker techniques.
  • Participates in IT security incident response as required to identify, contain, mitigate, resolve and restore Lahey’s IT systems and data.
  • Participates in disaster recovery planning activities.
  • Participates in hardware and software architecture review and is responsible for security architecture design for all existing and new environments.
  • Assesses and participates in compliance, internal and external audit requirements; gathers information for audits and provides to internal and external auditors. Exhibits an understanding of the compliance regulations and security best practices and develops the appropriate security measures accordingly.
  • Assists the Chief Information Security Officer (CISO) with providing Legal and Compliance departments with IT security related requests; gathers all requested data in a timely manner.
  • Stays active within the network/systems security community, attends conferences and seminars and stays current with new issues and technology.
  • Serves as project collaborator in handling various assignments as designated by the CISO.
  • Communicates frequently with the CISO regarding project status updates and reports any IT security issues.
  • Escalates issues and coordinates overall security posture with the CISO.
  • Performs related duties as assigned. Will be required to be on-call periodically

Education:

  • BA or BS required

Licensure, Certification & Registration: 

  • CISSP and/or CISM

Experience: 

  • At least 5 years of information security analysis and operations experience is required
  • Experience in contemporary Cyber Security technologies including DLP, CASB, NextGen AV, 3rd Party Risk Platforms, TFA, MDM, vulnerability & penetration testing.

Skills, Knowledge & Abilities: 

The Information Security Analyst must be able to work independently and consultatively to apply applicable IT security rules, regulations, policies and procedures. Must demonstrate and maintain current knowledge of industry trends and technologies. Working knowledge of HIPAA framework, ePHI, HITRUST, ISO and NIST. The individual must demonstrate effective written and oral communications skills.

About Us

Lahey Health Shared Services (LHSS) provides unified and streamlined administrative and operational services and support to all members of the Lahey Health system.

Through use of best practices, LHSS achieves greater efficiency and effectiveness across Lahey Health, helping create the most effective organization possible, for both our patients and our employees. LHSS is dedicated to leveraging resources across the organization to ensure high-quality, high-value care to the people and communities we care for so proudly.