Lahey Health Shared Services is part of a vibrant and growing health care system, recognized as a trailblazer in medicine and a standard bearer in patient experience. It includes an award-winning academic medical center, a superb constellation of community hospitals, home care services, rehabilitation facilities and more.
We are committed to attracting, developing and retaining top talent in a market long recognized and revered as a global leader in health. With a team approach to care, we encourage learning and growth at all levels, and we offer competitive salaries and benefits. We adhere to the principles of a just and fair work environment for all colleagues, where respect is foundational and performance is rewarded.
About the Job
The Security Analyst is responsible for ensuring the Confidentiality, Availability and Integrity of Lahey's IT systems and information. This position is responsible for performing or assisting with evaluating, recommending, configuring, integrating, supporting and administering all information security operations including application, database, desktop, network, server, remote device, network access and web security. This position will report to the Manager of Information Security Systems.
Essential Duties & Responsibilities including but not limited to:
- Develops and performs processes to ensure systems and information are secure from unauthorized access, transmission and protected from inappropriate alteration/modification.
Develops communication and training programs to educate the Lahey community on security policies, procedures and regulations.
- Analyzes security operations data, investigates and reports on noted irregularities and advises Chief Information Security Officer on appropriate approaches to secure systems and data. Develops approaches to prevent security breaches, which includes unauthorized access by internal or external staff.
- Participates in operating system, database, application and network vulnerability assessments using Certified Ethical Hacker techniques
- Participates in IT security incident response as required to identify, contain, mitigate, resolve and restore Lahey’s IT systems and data.
- Participates in disaster recovery planning activities.
- Participates in hardware and software architecture review and is responsible for security architecture design for all existing and new environments.
- Assesses and participates in compliance, internal and external audit requirements; gathers information for audits and provides to internal and external auditors. Exhibits an understanding of the compliance regulations and security best practices and develops the appropriate security measures accordingly.
- Assists the Chief Information Security Officer (CISO) with providing Legal and Compliance departments with IT security related requests; gathers all requested data in a timely manner.
- Stays active within the network/systems security community, attends conferences and seminars and stays current with new issues and technology
- Serves as project collaborator in handling various assignments as designated by the CISO.
- Communicates frequently with the CISO regarding project status updates and reports any IT security issues.
- Escalates issues and coordinates overall security posture with the CISO.
- Performs related duties as assigned. Will be required to be on-call periodically.
Licensure, Certification & Registration:
- At least 5 years of information security analysis and operations experience is required
- Experience in contemporary Cyber Security technologies including DLP, CASB, NextGen AV, 3rd Party Risk Platforms, TFA, MDM, vulnerability & penetration testing.
Skills, Knowledge & Abilities:
- The Information Security Analyst must be able to work independently and consultatively to apply applicable IT security rules, regulations, policies and procedures.
- Must demonstrate and maintain current knowledge of industry trends and technologies.
- Working knowledge of HIPAA framework, ePHI, HITRUST, ISO and NIST.
- The individual must demonstrate effective written and oral communications skills.
The Lahey Model of Care—right care, right time, right place—is exactly what patients, providers and payers need and deserve. Identifying and delivering on this convergence of interests has positioned Lahey Health for further growth. Our model ensures care is highly coordinated and locally delivered, with lower costs and exceptional quality.
Lahey Health is a robust, regional system including a teaching hospital, community hospitals, primary care providers, specialists, behavioral and home health services, skilled nursing and rehabilitation facilities, and senior care resources throughout northeastern Massachusetts and southern New Hampshire. The system has a global presence with programs in Canada, Jordan and Bermuda.
Equal Opportunity Employer/Minorities/Females/Disabled/Veterans.