Harvard University IT Info Security Professnl IV in Cambridge, Massachusetts

46172BRAuto req ID:46172BRJob Code:I0458P IT Info Security Professnl IV Location:USA - MA - Boston Business Title:Information Security AnalystSub-Unit:------------ Salary Grade:058Time Status:Full-time Union:00 - Non Union, Exempt or Temporary Additional Qualifications:

  • BA or BS or equivalent experience. Demonstrated experience with vulnerability scanning tools, penetration testing tools, and associated processes and best practices; Experience in conducting forensic investigations using current technologies and practices. Industry certification, such as Certified Information Systems Security Professional (CISSP) strongly preferred; Experience with: scripting or programming; application security testing tools and processes. Working knowledge of Linux, Windows, and OSX system administration. TCP/IP networking and protocol analysis. Experience using a Help Desk ticketing system. Writing and preparing of technical reports. Excellent verbal and written communication skills. Ability to teach and collaborate. Preferred: Hold one or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), GIAC Certification

  • Knowledge of Microsoft Office Suite, advanced Excel skills

  • Knowledge of advanced information security principles

  • Demonstrated team performance skills, service mindset approach, and the ability to act as a trusted advisor

Additional Information:Harvard offers an outstanding benefits package including:

Time Off: 3 - 4 weeks paid vacation, paid holiday break, 12 paid sick days, 11.5 paid holidays, and 3 paid personal days per year.

Medical/Dental/Vision: We offer a variety of excellent medical plans, dental & vision plans, all coverage begins as of your start date.

Retirement: University-funded retirement plan with full vesting after 3 years of service.

Tuition Assistance Program: Competitive tuition assistance program, $40 per class at the Harvard Extension School and discounted options through participating Harvard grad schools.

Transportation: Harvard offers a 50% discounted MBTA pass as well as additional options to assist employees in their daily commute.

Wellness options: Harvard offers programs and classes at little or no cost, including stress management, massages, nutrition, meditation and complementary health services.

Harvard access to athletic facilities, libraries, campus events and many discounts throughout metro Boston.

The Harvard Medical School is not able to provide visa sponsorship for this position. Department:Information TechnologyPre-Employment Screening:Criminal, Education, IdentityJob Function:Information Technology School/Unit:Harvard Medical School EEO Statement:We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, gender identity, sexual orientation, pregnancy and pregnancy-related conditions, or any other characteristic protected by law.Job Summary:Responsible for comprehensive planning, design, evaluation and implementation of security procedures which safeguard the confidentiality, integrity and availability of systems and data. Role may focus on technical or administrative aspects of security, or encompass a mixture of both.Typical Core Duties:

  • Perform complex procedures necessary to ensure the safety of information and to protect systems from intentional or inadvertent access, modification, disruption or destruction

  • Recognize and identify potential areas where existing data security policies and procedures require change, or where new ones need to be developed (firewalls, intrusion detection, vulnerability scanning, host operating systems, and network devices)

  • Weigh business needs against security concerns and articulate issues to community stakeholders and management

  • Perform or contribute to risk assessments

  • Provide community stakeholders and management with risk assessments and security briefings to advise them of critical issues that may affect security objectives

  • Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness

  • Maintain awareness of changes in local, state, and federal laws as well as industry standards, guidelines, and current business objectives of the School and University

  • Advise unit/school on questions in support of processes; ensure that user community understands and adheres to necessary procedures to maintain security

  • Collaborate to continuously improve processes, policies and procedures

  • Provide training to clients/staff

  • May function as subject matter expert or project lead

  • Abide by and follow the Harvard University IT Code of Conduct

Basic Qualifications:

  • Minimum of five years’ post-secondary education and/or relevant work experience

  • Familiarity with information security concepts, relevant tools and standards

Certificates and Licenses:

  • Completion of Harvard IT Academy Information Security Foundations course (or external equivalent) preferred

  • IT Security Certification preferred; e.g., CISSP, CISA/CISM, and/or GIAC

Working Conditions:

  • Work is performed in an office setting

Job-Specific Responsibilities:Reporting to the Information Security & IT Compliance Officer, the Information Security Analyst will have a broad range of responsibilities for securing Harvard Medical School’s (HMS) extensive computer network, responding to security threats, and offering consulting and advice on security issues to faculty, staff, and students. He or she will be a key member in developing and implementing a robust, mature Information Security Program alongside the Information Security & IT Compliance Officer. He or she will be a key member in Harvard University’s Information Security function and be a key contributor to the Harvard Longwood community of information security professionals.

Key responsibilities include the following:

• Test and assess HMS computer systems (hardware and software) and network equipment for potential threats and vulnerabilities, identify mitigation steps, and collaborate with system administrators and network engineers to implement fixes.

• Recognize and respond to information security incidents, in partnership with IT organizations at Harvard University, Harvard schools on the Longwood Campus, and hospital affiliates.

• Perform digital forensics as part of the incident response and in response to other community needs. Author and edit incident reports.

• Stay on top of latest developments in information security, industry trends, security risks, and best practices.

• Lead evaluation and deployment of new tools and techniques to better secure HMS’s network.

• Act as an internal consultant on security-related matters to faculty, students, and staff.

• Coordinate and perform security-related awareness campaigns and educational exercises.

• Closely align and coordinate activities with co-workers in Harvard University’s Information Security organization.

• Foster a local Community of Practice of information security professionals at Harvard’s schools in the Longwood Medical Area.