Description
Position Title: CyberSecurity Senior Analyst
Reports to: IT Security and Compliance Manager
Location: Boston, MA office (5-10% Domestic Travel)
Position Type: Full-Time
Position Overview
The Cybersecurity Senior Analyst (CSA) assumes a pivotal role in shaping, coordinating, and fortifying the organization's cybersecurity infrastructure. This individual is instrumental in championing and implementing robust security measures across diverse technological landscapes, including both on-premise and cloud-based systems.
The Cybersecurity Senior Analyst is a highly technical, hands-on individual contributor to the Information Technology (IT) department and subject matter expert. The CSA is responsible for implementing best practice security methods and identifying existing processes within the organization for security improvements where possible. The CSA will work with a team of IT members within the U.S. as well as the Partners In Health (PIH) global care delivery IT members to support and maintain the organization’s security posture. The CSA will be part of a team working towards the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) implementation within the organization. The CSA will lead security implementations across on-premise and Cloud platforms managed and maintained by the PIH IT team.
Responsibilities
- Lead technical evaluation of security technologies that address current and future needs based on emerging threats and industry trends.
- Lead the implementation of a unified identity platform and access management.
- Lead security efforts in bringing PIH in line with NIST CSF framework.
- Design improvements to the security architecture around the organizational environment, applying the principle of least privilege to improve identity and access management.
- Design, manage and maintain monitoring & alerting platform to proactively secure potential risks across the organizational landscape.
- Build automation to manage and maintain security updates across various applications, operating systems including vulnerability management.
- Manage and maintain security tools and technologies such as SIEM, EDR, IDS/IPS, firewalls, and antivirus solutions. Configure and fine-tune these tools to maximize their effectiveness in detecting and preventing threats.
- Participate in conducting gap analyses, security and risk assessments with both internal and external stakeholders.
- Coordinate with multiple departments to identify, triage, and remediate gaps in current security posture.
- Work with a variety of security efforts that span areas such as cloud infrastructure, application, system, and network level initiatives.
- Document processes and implementations across the plethora of environments and systems managed by the IT team.
- Responsible for maintaining and maturing the security posture of the organization.
- Respond to and act on security incidents and lead security audits of various platforms utilized across the organization landscape.
- Provide training and awareness programs to educate employees about cybersecurity best practices, policies, and procedures. Promote a culture of security throughout the organization.
- Other duties assigned to ensure the proper functions of the team & meet organizations needs as identified.
Qualifications
- Bachelor (4-year) degree, with a technical major, such as engineering or computer science.
- Work experience in place of Bachelor degree (2 years as System Engineer or equivalent).
- 5-8 years of Information Security discipline experience.
- Experience with NIST, CIS, CMMC, ISO 27001/2, GRC frameworks and their implementation process.
- Certifications related to CSSP, CISSP, CEH.
- Knowledge of Zero Trust model and their implementation process.
- Strong problem-solving skills.
- In-depth knowledge of computer and network systems.
- Ability to travel up to 2-4 weeks per year.
- Ability to lift up to 50 lbs without assistance.
- Ability to describe technical information in easy-to-understand terms.
- Exemplary interpersonal skills; ability to collaborate effectively with culturally diverse staff across departments and country.
- Interest in social justice strongly desirable.
Organizational Profile
Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical science first and foremost to the most vulnerable communities around the world. PIH focuses on those who would not otherwise have access to quality health care. PIH partners with the world’s leading academic institutions to create rigorous evidence that shapes more sound and all-inclusive global health policies. PIH also supports local governments’ efforts to build capacity and strengthen national health systems.
As of today, PIH runs programs in 11 countries (Haiti, Kazakhstan, Lesotho, Liberia, Malawi, Mexico, Navajo Nation, Peru, Rwanda, Sierra Leone, United States), where it provides direct care to millions of patients, through public facilities and community engagement.