State of Massachusetts Secretariat Security Analyst in Quincy, Massachusetts

This position is intended to primarily be that of an internal assessment specialist who manages the ongoing review of information systems in the EOHHS environment to determine compliance with EOHHS and Agency security requirements. As a corollary to that work, the Secretariat Security Analyst may be called upon to interface with external auditors to report the Security Office’s findings and corrective actions with respect to those reviews.

Secondarily, the position will occasionally require supporting and/or drafting policy and processes for EOHHS and its Agencies in furtherance of management of the EOHHS security program.

Responsibilities

  • Must possess training and experience required to administer the information security functions of the Secretariat

  • Ensures EOHHS Policy and Standards are implemented within the Secretariat

  • Works under the direction of the EOHHS CSO to provide security guidance

  • Provides requested data points to EOHHS CSO in a timely manner

  • Participates in and reviews (not coordinates, executes, aggregates) audits, assists in the development of POAMs, and provides recommendations

  • Participates and assists in the maintenance of a system that fosters global security policies, procedures, standards, guidelines and practices that are compliant with related law, regulation, policy, and professional standards and which ensure ongoing maintenance of information security

  • Participates in the process of risk assessments and risk management planning related to the information security features of systems, networks, information technology resources and related administrative activities.

  • Assist in the investigation of security breaches, and the disciplinary or legal matters associated with such breaches as determined by the CSO

  • Participate in independent security audits and work with outside consultants as appropriate

  • Liaise with the CTO team for security questions and information security recommendations based on best practices

  • Assist in the development, implementation and coordination of statewide incident response procedures.

  • Establish and maintain system inventory, classification, and compliance for information security throughout the Agency and Secretariat as requested by the CSO

  • Performs security and risk assessments through the distribution of assessment materials, conducting meetings, performing interviews, and collecting documentation in furtherance of the assessment

  • Clearly and completely document the result of security and risk assessments in a manner prescribed by the CSO or otherwise consistent with Security Office Practice

  • Researches industry best practice for information security to ensure: 1) policies and procedures are up to date and appropriately reflect such best practices and 2) such best practice methodology is incorporated into the internal assessment and inventory process

  • Manages the creation of any documentation to facilitate the above duties

  • Works with Agency and Secretariat staff necessary to accomplish the above duties

  • Works with Agency and Secretariat staff for second and third level InTempo support

Qualifications

  • Demonstrated ability to write and communicate in an intelligible and professional manner

  • Demonstrated ability to think critically

  • Demonstrated ability to work independently and, in doing so, appropriately manage a significant assessment workload

Qualifications Acquired On The Job:

  • Competence in various security frameworks including HIPAA and NIST

  • Competence in performing audits and assessments

  • Competence in the development of policy, process, and procedure

  • Competence in EOHHS and its Agencies’ security operations

Pre-Offer Process:

A criminal background check will be completed on the recommended candidate as required by the regulations set forth by the Executive Office of Health and Human Services prior to the candidate being hired. For more information, please visit http://www.mass.gov/hhs/cori and click on "Information for Job Applicants".

  • Education, licensure and certifications will be verified in accordance with the Human Resources Division’s Hiring Guidelines

Education and license/certification information provided by the selected candidate(s) is subject to the Massachusetts Public Records Law and may be published on the Commonwealth’s website.

For questions, please contact the CYF Office of Human Resources at 1-800-510-4122 and select option #2.

First consideration will be given to those applicants that apply within the first 14 days.

Minimum Entrance Requirements:

Applicants must have at least (A) five years of full-time, or equivalent part-time, professional experience in electronic data processing, of which (B) at least three years must have been in work in which the major duties included computer systems analysis, or (C) any equivalent combination of the required experience and the substitutions below.

SUBSTITUTIONS:

I. An Associate's degree with a major in the field of data processing or computer programming may be substituted for a maximum of one year of the required (A) experience.*

II. A Bachelor's degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.*

III. A Graduate degree with a major in the field of data processing or computer and/or information science may be substituted for a maximum of two years of the required (A) experience.*

IV. A diploma for completion of a two year full-time, or equivalent part-time, program in a recognized non-degree granting business or vocational/technical school above the high school level with a major in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.*

V. An official transcript from a recognized business or vocational/technical school as evidence of completion of a program consisting of at least 650 hours of instruction in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.*

VI. Graduation from the data processing course of a recognized vocational/technical high school may be substituted for a maximum of one year of the required (A) experience.

*Education toward such a degree or diploma will be prorated on the basis of the proportion of the requirements actually completed.

NOTE: No substitution will be allowed for more than two years of the required (A) experience.

NOTE: No substitution will be allowed for the three years of the required (B) experience.

Special Requirements: None.

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

Job: *Information Systems and Technology

Organization: *Exec Office Of Health and Human Services

Title: Secretariat Security Analyst

Location: Massachusetts-Quincy - 100 Hancock Street

Requisition ID: 180003ZN