Job Code: I0458P IT Info Security Professnl IV
Reporting to the Information Security & IT Compliance Officer, the Information Security Analyst will have a broad range of responsibilities for securing Harvard Medical School’s (HMS) extensive computer network, responding to security threats, and offering consulting and advice on security issues to faculty, staff, and students. He or she will be a key member in developing and implementing a robust, mature Information Security Program alongside the Information Security & IT Compliance Officer. He or she will be a key member in Harvard University’s Information Security function and be a key contributor to the Harvard Longwood community of information security professionals.
Key responsibilities include the following:
- Test and assess HMS computer systems (hardware and software) and network equipment for potential threats and vulnerabilities, identify mitigation steps, and collaborate with system administrators and network engineers to implement fixes.
- Recognize and respond to information security incidents, in partnership with IT organizations at Harvard University, Harvard schools on the Longwood Campus, and hospital affiliates.
- Perform digital forensics as part of the incident response and in response to other community needs. Author and edit incident reports.
- Stay on top of the latest developments in information security, industry trends, security risks, and best practices.
- Lead evaluation and deployment of new tools and techniques to better secure HMS’s network.
- Act as an internal consultant on security-related matters to faculty, students, and staff.
- Coordinate and perform security-related awareness campaigns and educational exercises.
- Closely align and coordinate activities with co-workers in Harvard University’s Information Security organization.
- Foster a local Community of Practice of information security professionals at Harvard’s schools in the Longwood Medical Area.
Typical Core Duties
Perform complex procedures necessary to ensure the safety of information and to protect systems from intentional or inadvertent access, modification, disruption or destruction
Recognize and identify potential areas where existing data security policies and procedures require change, or where new ones need to be developed (firewalls, intrusion detection, vulnerability scanning, host operating systems, and network devices)
Weigh business needs against security concerns and articulate issues to community stakeholders and management
Perform or contribute to risk assessments
Provide community stakeholders and management with risk assessments and security briefings to advise them of critical issues that may affect security objectives
Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness
Maintain awareness of changes in local, state, and federal laws as well as industry standards, guidelines, and current business objectives of the School and University
Advise unit/school on questions in support of processes; ensure that user community understands and adheres to necessary procedures to maintain security
Collaborate to continuously improve processes, policies and procedures
Provide training to clients/staff
May function as subject matter expert or project lead
Abide by and follow the Harvard University IT Code of Conduct
Minimum of five years’ post-secondary education and/or relevant work experience
Familiarity with information security concepts, relevant tools and standards
BA or BS or equivalent experience.
Demonstrated experience with vulnerability scanning tools, penetration testing tools, and associated processes and best practices.
Experience in conducting forensic investigations using current technologies and practices.
Industry certification, such as Certified Information Systems Security Professional (CISSP), strongly preferred.
Experience with scripting or programming, and with application security testing tools and processes.
Working knowledge of Linux, Windows, and OSX system administration.
TCP/IP networking and protocol analysis.
Experience using a Help Desk ticketing system.
Writing and preparing of technical reports.
Excellent verbal and written communication skills.
Ability to teach and collaborate.
Preferred: Hold one or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), GIAC Certification.
Knowledge of Microsoft Office Suite, advanced Excel skills
Knowledge of advanced information security principles
Demonstrated team performance skills, service mindset approach, and the ability to act as a trusted advisor
Certificates and Licenses
Completion of Harvard IT Academy Information Security Foundations course (or external equivalent) preferred
IT Security Certification preferred; e.g., CISSP, CISA/CISM, and/or GIAC
Work is performed in an office setting
Harvard offers an outstanding benefits package including:
3 - 4 weeks paid vacation, paid holiday break, 12 paid sick days, 11.5 paid holidays, and 3 paid personal days per year.
We offer a variety of excellent medical plans and dental & vision plans; all coverage begins as of your start date.
University-funded retirement plan with full vesting after 3 years of service.
Tuition Assistance Program:
Competitive tuition assistance program, $40 per class at the Harvard Extension School and discounted options through participating Harvard grad schools.
Harvard offers a 50% discounted MBTA pass as well as additional options to assist employees in their daily commute.
Harvard offers programs and classes at little or no cost, including stress management, massages, nutrition, meditation and complementary health services.
Harvard offers access to athletic facilities, libraries, campus events and many discounts throughout metro Boston.
The Harvard Medical School is not able to provide visa sponsorship for this position.
Job Function: Information Technology
Location: USA - MA - Boston
00 - Non Union, Exempt or Temporary
Criminal, Education, Identity
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, gender identity, sexual orientation, pregnancy and pregnancy-related conditions, or any other characteristic protected by law.