Information Security Officer
Mass General Brigham

Somerville, Massachusetts

This job has expired.


General Summary:

Under the leadership of the Mass General Brigham Chief Information Security Officer and under the direction of the Mass General Brigham Director of Site Information Security Officers, and working as part of the Academic Medical Center Site Information Security Group, the incumbent provides leadership to all aspects of the information security program at Brigham and Women's Hospital (BWH) and the Brigham and Women's Physician Organization (BWPO), Faulkner Hospital (FH), Harbor Medical and their affiliates. The Brigham and Faulkner Information Security (BWH/FH) Officer (ISO) works closely with the SVP, Research Planning & Operations, and Innovation Research, the BWH/FH Director of Health Information Systems, and various hospital committees to identify security-related needs such as policy development and compliance, education and training efforts, and risk assessment and breach mitigation strategies in order to most effectively safeguard Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital assets.

Principal Responsibilities:

  • Works closely with other Mass General Brigham Site Information Security Officers and Mass General Brigham Chief Information Security Officer on projects and to streamline processes
  • Is a collaborator on issues across Mass General Brigham Sites and provides cross coverage within the Mass General Brigham Site Security Officers Department as needed.
  • Facilitates the implementation of the Mass General Brigham HealthCare system-wide information security program at Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital
  • Provides for training on IS security for various committees, departments and disciplines throughout the Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital
  • Participates in IS risk management activity at Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital, including the identification of application and vendor risks, and appropriate mitigation activity. Presents findings and recommendations related to risk assessments to hospital leadership.
  • Participates in the selection and deployment of Mass General Brigham system-wide security technologies, vendors and related controls.
  • Collaborates with BWH/FH HIM/Privacy, BWH/FH Police and Security, MGB Research Information Security and Mass General Brigham's Information Security teams to investigate information security incidents, and report on such incidents to Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital Leadership.
  • Works with clinical, research and administrative departments to achieve compliance with governmental regulations (HIPAA security standards, MA 201 CMR 17.00, etc.) and hospital policies for protecting individually identifiable health information that is transmitted or stored electronically.
  • Maintains security documentation as required for outside regulatory agencies (Joint Commission, Office of Civil Rights, Department of Public Health, etc.).
  • Communicates closely with Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital leadership committees regarding the system-wide information security program.
  • Represents Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital on the Mass General Brigham HealthCare Information Security Operating Committee, participating in Committee subgroups and security-related initiatives.
  • Leads and co-facilitates Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital Information Security and Privacy Steering, Operating and Action Network Committees, subgroups and security-related initiatives.
  • Works closely with the Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital Privacy Office on implementing system-wide information security policies and standards.
  • Advises on security requirements for all technology initiatives managed and/or supported by the Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital Chief Information Officer and his/her staff.
  • Participates in ongoing privacy and security compliance activity in partnership with the Brigham and Women's Hospital, Brigham and Women's Physician Organization and Brigham and Women's Faulkner Hospital Privacy Officer.
  • Collaborates with other units in the Mass General Brigham HealthCare Information Security and Privacy Department as necessary.
  • Monitors and assures that policies and procedures related to accuracy, integrity, confidentiality and security are adhered to by hospital staff during implementation and maintenance of information systems.
  • Keeps abreast of the latest security-related technology, practices and applicable information security regulations.
  • Performs other duties as assigned

Working Conditions:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

• This position requires occasional local travel to MGB sites, vendors, and/or conferences

• Hospital work environment working conditions include possible exposure to diseases or infections and may require safety gear (PPE) such as gloves and mask.

• Normal office working conditions. The noise level in the work environment is quiet to moderate.

• While performing the duties of this job, the employee is frequently required to sit; talk; or hear; use hands to finger; handle; or feel; reach with hands and arms. The employee is occasionally required to stand; walk; and stoop; kneel; or crouch. The employee must frequently lift and/or move up to 5 pounds and occasionally lift and/or move up to 20 pounds.

Qualifications:

  • Bachelor's degree (B.A./B.S.) or equivalent in computer science or equivalent discipline from an accredited college or university required
  • CISSP or equivalent information security certification preferred.
  • CIPP or equivalent privacy certification preferred
  • 8+ years of experience in an information security functional role
  • Experience and advanced understanding of ISO 27002, NIST Special Publications, and related standards and frameworks.
  • Knowledge of or experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems
  • Experience administering information security programs including risk assessments and forensic research, incident response, designing security architectures, developing policies, gathering metrics, and reporting status
  • Knowledge of information systems technology, products, services, and customers.
  • Knowledge of HIPAA, Meaningful Use Security requirements, Mass ID Theft regulation 201 CMR 17, and other appropriate information security regulatory requirements for healthcare entities.
  • Experience working in healthcare required, academic medical center experience preferred.

Skills, Abilities:

• Excellent organizational skills.

• Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy

• Demonstrated strong commitment to customer service and teamwork.

• Excellent written and verbal communication skills.

• Proven project management skills

• Excellent presentation skills, with the ability to effectively communicate with all levels of management

• Knowledge of information systems technology, products, services, and customers.

• Technical knowledge and direct experience related to information security technologies.

• Financial planning and management skills

• Proven leadership skills.

• Knowledge of HIPAA Security Rule, and other healthcare information security regulatory requirements

EEO Statement:

Mass General Brigham is an Equal Opportunity Employer & by embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law.

