Information Security Architect

About Us:

As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Mass General Brigham supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.

We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential. Mass General Brigham is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development—and we recognize success at every step.

Our employees use the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.

General Summary/ Overview:

At Mass General Brigham (MGB) Digital, we pride ourselves on our ability to create maximum strategic, clinical, and operational value from established and emergent technologies for our patients, care teams, researchers, and employees. Digital health will not only enhance the equity and efficiency of healthcare delivery, but it will also help make medicine more personalized and precise.

We recognize that increasing value and continually improving quality while maintaining an inclusive focus are essential to organizational excellence, and we invite you to join us on this journey. The work we do in Digital is a strategic imperative, and there is a strong and growing understanding of how together we will transform Mass General Brigham in innovative and impactful ways.

Under the direction of the MGB Director of Information Security, the Information Security Architect (ISA) is responsible for designing the security architecture necessary for safeguarding Mass General Brigham information systems and data, and working across the Digital organization to build security into our initiatives.

Principal Duties and Responsibilities:

Develop and maintain the organization’s information security architecture, ensuring alignment with business objectives and regulatory requirements

Collaborate with cross-functional teams across the MGB Digital organization to build security controls into the environment

Evaluate and recommend security tools, technologies, and process improvements to enhance MGB’s overall security posture

Work closely with project teams and site Information Security Officers during the design and build phase of new projects to ensure that security considerations are included early in development process(es)

Participate in the development and enforcement of information security policies, standards, and guidelines

Provide technical guidance and support to other information security team members, as well as the broader organization

Support organizational risk assessment activity.

Support organizational approaches to vulnerability testing and application security testing.

Coordinate technical security planning and strategy for matrixed Mass General Brigham business units, including Mass General Brigham Information Services, Research Computing, and hospital technology units.

Maintains understanding of security-related regulatory requirements.

On-call as a technical point of escalation to troubleshoot production deployments of major security-related initiatives.

Use[HD1] the Mass General Brigham values to govern decisions, actions, and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration

Other duties and responsibilities as assigned

Working Conditions:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

This position requires occasional local travel to MGB sites, vendors, and/or conferences

Hospital work environment working conditions include possible exposure to diseases or infections and may require safety gear (PPE) such as gloves and mask.

Normal office working conditions. The noise level in the work environment is quiet to moderate.

While performing the duties of this job, the employee is frequently required to sit; talk; or hear; use hands to finger; handle; or feel; reach with hands and arms. The employee is occasionally required to stand; walk; and stoop; kneel; or crouch. The employee must frequently lift and/or move up to 5 pounds and occasionally lift and/or move up to 20 pounds.

Specific vision abilities required by this job include close vision, distance vision and depth perception.

Bachelor's degree in Information Technology, Computer Science, or a related discipline, or related experience

Expertise in information security as typically represented by 7+ years of experience directly related to Information Security or equivalent combination of education and experience.

Significant technical knowledge and competency.

Hands-on experience in implementing complex technology solutions across large organizations.

Experience in a collaborative, matrixed team environment

Experience working in an Academic Medical Center or Healthcare environment preferred

Experience with Cloud service providers

CERTIFICATIONS

CISSP, CISSP-ISSAP, CGEIT, CISM, and CISA certifications are preferred. MCSE, CCNA/CCSP, SANS and related certifications are desired.

Skills/Abilities/Competencies:

Extensive technical knowledge and experience in the domains of application security, and network administration and maintenance, including:

Creating actionable secure design patterns in support of technical standards

Operating system (Windows, Mac OS, Unix) security and hardening

Endpoint security, including encryption technologies, NAC, and related technologies

Cloud-based technologies and design patterns including Azure, AWS, and Google

Privileged Access Management including best practices and solutions for on premises and cloud-based privilege

Service Oriented Architecture concepts such as micro-service design and implementation patterns

Knowledge of industry standards such as: ISO27000, NIST SP 800-53, OWASP, and other standards.

Ability to compile, analyze, and summarize data for communication.

Strong interpersonal skills, with an emphasis on effectively influencing others

Strong written and verbal communications skills, including the ability to form and deliver effective presentations.

Demonstrated ability to handle heavy multi-tasking.

Clear ability to complete work with minimal oversight

Ability to maintain current knowledge of relevant security technology, operations, management developments and seek opportunities to deploy new technologies that benefit the organization.

Ability to review documentation to verify compliance with the organization’s requirements and established architectural standards, security policies, standards, and guidelines.

Diversity Statement

As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community. We place great value on being a diverse, equitable and inclusive organization as we aim to reflect the diversity of the patients we serve. At Mass General Brigham, we believe in equal access to quality care, employment and advancement opportunities encompassing the full spectrum of human diversity: race, gender, sexual orientation, ability, religion, ethnicity, national origin and all the other forms of human presence and expression that make us better able to provide innovative and cutting-edge healthcare and research.

Mass General Brigham is an Equal Opportunity Employer. By embracing diverse skills, perspectives, and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.