Information Security Officer

Mass General Brigham

Somerville, MA, USA
Posted on Wednesday, March 13, 2024
Information Security Officer - (3280771)


About Us
As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Mass General Brigham supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.

We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential. Mass General Brigham is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development—and we recognize success at every step.

Our employees use the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.

General Summary:

Under the leadership of the Mass General Brigham Chief Information Security Officer and under the direction of the Mass General Brigham Director of Site Information Security Officers, and working as part of the Information Security Group, the incumbent provides leadership to all aspects of the information security program. The Information Security Officer (ISO) works closely with other Site Information Security Officers and the Research Information Security Officers on day-to-day issues. They also work with various site Privacy/Health Information Officers and Compliance Officers, and various hospital committees to identify security related needs such as policy development and compliance, education and training efforts, and risk assessment and breach mitigation strategies in order to most effectively safeguard Site Information Security.

Principal Duties and Responsibilities:

Works closely with other Mass General Brigham Site Information Security Officers and Mass General Brigham Chief Information Security Officer on projects and streamlining processes
Is a collaborator on issues across Mass General Brigham Sites and provides cross coverage within the Mass General Brigham Site Security Officers Department as needed.
Facilitates the implementation of the Mass General Brigham HealthCare system-wide information security program at Mass General Brigham Sites.
Provides for training on IS security for various committees, departments and disciplines throughout Mass General Brigham
Participates in IS risk management activity at MGB Sites including the identification of application and vendor risks, and appropriate mitigation activity. Presents findings and recommendations related to risk assessments to hospital leadership.
Participates in the selection and deployment of Mass General Brigham system-wide security technologies, vendors and related controls.
Research Information Security and Mass General Brigham’s Information Security teams to investigate information security incidents, and report on such incidents to appropriate sites and leadership.
Works with clinical, research and administrative departments to achieve compliance with governmental regulations (HIPAA security standards, MA 201 CMR 17.00, etc.) and hospital policies for protecting individually identifiable health information that is transmitted or stored electronically.
Maintains security documentation as required for outside regulatory agencies (Joint Commission, Office of Civil Rights, Department of Public Health, etc).
Works closely with the Site Information Security in implementing system-wide information security policies and standards.

Advises on security requirements for all technology initiatives managed and/or supported by Site Information Security.
Collaborates with other units in the Mass General Brigham HealthCare Information Security and Privacy Department as necessary.
Monitors and assures that policies and procedures related to accuracy, integrity, confidentiality and security are adhered to by hospital staff during implementation and maintenance of information systems.
Keeps abreast of the latest security related technology, practices and applicable information security regulations.
Performs other duties as assigned.

Bachelor’s degree (B.A./B.S.) or equivalent in computer science or equivalent discipline from an accredited college or university required.

3+ years of experience in an information security functional role

Experience and advanced understanding of ISO 27002, NIST Special Publications, and related standards and frameworks

Knowledge of or experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems.

Experience administering information security programs including risk assessments and forensic research, incident response, designing security architectures, developing policies, gathering metrics, and reporting status.

Knowledge of information systems technology, products, services, and customers.

Knowledge of HIPAA, Meaningful Use Security requirements, Mass ID Theft regulation 201 CMR 17, and other appropriate information security regulatory requirements for healthcare entities.

Experience working in healthcare required, academic medical center experience preferred.

Working Conditions:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

· This position requires occasional local travel to MGB sites, vendors, and/or conferences

· Hospital work environment working conditions include possible exposure to diseases or infections and may require safety gear (PPE) such as gloves and mask.

· Normal office working conditions. The noise level in the work environment is quiet to moderate.

· While performing the duties of this job, the employee is frequently required to sit; talk; or hear; use hands to finger; handle; or feel; reach with hands and arms. The employee is occasionally required to stand; walk; and stoop; kneel; or crouch. The employee must frequently lift and/or move up to 5 pounds and occasionally lift and/or move up to 20 pounds.

· Specific vision abilities required by this job include close vision, distance vision and depth perception.


· Excellent organizational skills.

· Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy.

· Demonstrated strong commitment to customer service and teamwork.

· Excellent written and verbal communication skills.

· Proven project management skills

· Excellent presentation skills, with the ability to effectively communicate with all levels of management

· Knowledge of information systems technology, products, services, and customers.

· Technical knowledge and direct experience related to information security technologies.

· Financial planning and management skills

· Proven leadership skills.

· Knowledge of HIPAA Security Rule, and other healthcare information security regulatory requirements

EEO Statement

Mass General Brigham is an Equal Opportunity Employer & by embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law.

Primary Location: MA-Somerville-MGB Assembly Row

Work Locations

MGB Assembly Row
399 Revolution Drive
Somerville 02145


: Information Security


: Mass General Brigham


: Full-time
Standard Hours: 40


: Day Job

Employee Status: Regular
Recruiting Department: MGB Digital

Job Posting: Mar 12, 2024