We enjoy the important work we do every day on behalf of our members.
This position is responsible for analyzing the information security environment for THP and developing security measures to safeguard the confidentiality, integrity, and availability of data. Under direction, implement, monitor, assess and report on IT security. Reporting to the Information Security Manager, the Security Analyst will work closely with teams across all threads where security applies.
KEY RESPONSIBILITIES/ESSENTIAL FUNCTIONS* (in order of importance)
Work closely with IS team and across all threads where security applies
Specific working knowledge of and experience in the following work environment
o Data Loss Prevention o eWorkForce o Enterprise Identity Management o Siteminder & identity minder o Active directory o X500 Directory o Coding with Perl, VBS and Java. o Vulnerability scanning and management o IDS & IPS o Firewalls o Virus & malware protection o Advance treat protection o VPN o Forensics o Network operating system o 802.11 networks, o Public Key management, o Operational data stores, data marts, data warehouse o Security information and event management o High-performance data/voice network, e.g. IP o Integrated technologies with cross-functional impact o N-tiered infrastructure patterns o UNIX operating system environments, i.e. HP-UX and/or IBM AIX o Web, portal technology and application servers, i.e. iplanet, BEA's Weblogic and/or IBM's Websphere o Data/Computer Operations technology integration and support o Middleware implementations o CRM solutions o Imaging solutions o Hadoop
Consult with Security and Infrastructure Services staff to evaluate and implement software systems that provide appropriate security
Work with Technical Writers to document and review security policy and procedures
Participate in audit both internal and external as required
Communicate potential security exposures, misuse, or noncompliance situation to their manager
Monitor security logs to identify potential security related events
Capture and report security metrics
Participate on other security projects as required
Work closely with business units across all threads where security applies
Work closely with e-workforce incentives and e-workforce to address and assess security.
Consult with Security and IT staff to evaluate and implement software systems that provide appropriate security
Monitors security trends and assess potential uses of new technologies to meet identified business goals. This person is responsible for summarizing research materials and producing white paper or impact statements relating the impact of technology on operational best practices.
Proactively protect the integrity, confidentiality, and availability of information in the custody of or processed by THP by:
providing technical expertise and administration of security tools that control and monitor security of access controls and authentication
responding in a timely manner to a loss or misuse of information assets
communicating security exposures to management
Perform security administration functions in the. THP environment. Ensure that all functions and tasks are completed accurately, within a timely fashion and are in accordance with established procedures and SLA's. Analyze business requirements and risks to technology implementation for security-related issues. Develop and produce systems monitoring and metrics reports and assess the content. Act appropriately to resolve or forward potential issues. Gather data for trend analysis. As required, participate on project teams and manage the completion of all assigned project related tasks. Train information owners in the implementation of necessary security controls by developing and presenting information security awareness.
EDUCATION: (Minimum educations & certifications required) Bachelor's degree or equivalent business experience is required. Security certification is desirable. Experience with securing enterprise wide applications and databases required. Maintains or is working towards the CISSP certification is preferred.
EXPERIENCE: (Years of experience) Five to six years of experience in IT and three years in Information Security with a broad range of exposure of operating systems, applications and networks. Demonstrated competency in developing effective security solutions to diverse and complex business problems in a cross-functional environment. Has successfully developed and implemented new security technologies. Working knowledge of security controls in multiplatform environments
SKILL REQUIREMENTS: (Include interpersonal skills) Requires a strong working knowledge of security controls of web application environments. Requires an understanding of the role of information security within business. Requires strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people. Effectiveness in all aspects of the core business skills including analysis, communication, writing and negotiations. Requires excellent interpersonal skills and the ability to effectively communicate with staff, management, project teams, IS department and various software vendors.
WORKING CONDITIONS AND ADDITIONAL REQUIREMENTS (include special requirements, e.g., lifting, travel, overtime) Some travel may be required as well as after business hours and weekends to minimize impact to the business.
CONFIDENTIAL DATA: All information (written, verbal, electronic, etc.) that an employee encounters while working at Tufts Health Plan is considered confidential. Will be exposed to and required to deal with highly confidential and sensitive material and must adhere to corporate compliance policy and department guidelines/policies and all applicable laws and regulations at all times.
What we build together changes our customer's health for the better. We are looking for talented and innovative people to join our team. Come join us!