Information Technology Security Officer (Requisition 1231)
Boston Residency Required. COVID Vaccination Required.
The Boston Public Health Commission (BPHC), the country's oldest health department, is a quasi-department of the City of Boston, providing a wide range of health services and programs. Public service and access to quality health care are the cornerstones of our mission - to protect, preserve, and promote the health and well-being of all Boston residents, particularly those who are most vulnerable. The Commission's more than 40 programs are grouped into six bureaus: Child, Adolescent & Family Health; Community Health Initiatives; Homeless Services; Infectious Disease; Recovery Services; and Emergency Medical Services.
The Information Security Officer (ISO) provides the vision and strategies necessary to ensure the confidentiality, integrity, and availability of BPHC electronic information by communicating risk to senior administration, creating and maintaining enforceable policies, supporting processes, and ensuring compliance with regulatory requirements. To support these activities, the ISO coordinates activities with all BPHC departments, bureaus and programs, including the evaluation, procurement, and deployment of security-related products, and develops and coordinates information security awareness programs. Additionally, the ISO ensures BPHC system-wide disaster recovery and incident response plans are in place.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
1. Creates information security strategies, both short-term and long-range, in support of the BPHC's goals.
2. Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with the BPHC's goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
3. Communicates risks, and recommendations to mitigate them, to the senior leadership team in non-technical, cost/benefit terms so decisions can be made to ensure the security of information systems and information entrusted to the Boston Public Health Commission (BPHC).
4. Oversees all ongoing activities related to the development, implementation, and maintenance of the BPHC's information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within the City, State and Federal system and assisting bureaus and programs in process and procedure development, ensuring they are not in conflict with BPHC policies.
5. Assists BPHC departments, bureaus and programs to ensure regulatory compliance in areas such as the Electronic Payment Data Security Standards (PCI-DSS) and the Health Insurance Portability and Accountability Act (HIPAA), serves as the HIPAA Security Officer for the Boston Public Health Commission (BPHC), and works with BPHC Privacy Officers to ensure full compliance in securing Protected Health Information (PHI).
6. Participates in the MBHSR Cyber Security Committee and coordinates the activities of MBHSR Cyber Security so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of BPHC information.
7. Ensures vulnerabilities are managed by directing periodic vulnerability scans of servers connected to BPHC and City of Boston (BoNET) networks.
8. Develops information security awareness training programs, and works with BPHC departments, bureaus and programs to present them to staff as appropriate.
9. Ensures sufficient resources are available and allocated to projects by balancing project funding requirements with the assigned budgets, coordinates and tracks project expenditures to ensure resources are used effectively and within budget, and provides periodic budget reports to the Chief Information Officer.
10. Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
11. Evaluates security incidents and determines what response, if any, is needed and coordinates BPHC responses, including technical incident response teams, when sensitive information is breached.
12. Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
13. Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.
14. Contributes to the overall success of the BPHC by performing all other duties and responsibilities as assigned.
MINIMUM ACCEPTABLE QUALIFICATIONS:
Bachelor's degree required; Master's degree preferred. Significant experience directly related to this position may substitute for all or a portion of the degree requirements.
Professional Certification: (CISSP, GIAC, CISA, CISM, etc.) One of the security certifications is required.
Experience: At least six years of varied information technology experience is required. Applicable experience includes, but is not limited to, computer and networking infrastructure, operating systems, application software development, project management, regulatory compliance, risk management, and providing training. Three years of direct experience in information security-related duties is required. Experience in a public sector or healthcare setting is desired.
Skills: The ability to understand hardware and software systems is required. The ability to maintain confidentiality regarding information processed, stored, or accessed by the systems is required. The ability to manage multiple concurrent projects and to reason analytically is required. The ability to work with and train people possessing differing levels of technical knowledge is required. Effective verbal and written communication skills and proficiency in writing technical specifications are required. The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds is required.
City of Boston Residency Required. Any position that requires an advanced degree will be subject to education verification. The Boston Public Health Commission is an EEO Employer and all meeting the minimum requirements are eligible to apply.
$100,000 - $125,000/Annually
35 hours, Monday to Friday, 9am to 5pm. Nights and weekends as needed.