Lead Information Security Analyst

Who We Are

Point32Health is a leading health and wellbeing organization, delivering an ever-better personalized health care experience to everyone in our communities. At Point32Health, we are building on the quality, nonprofit heritage of our founding organizations, Tufts Health Plan and Harvard Pilgrim Health Care, where we leverage our experience and expertise to help people find their version of healthier living through a broad range of health plans and tools that make navigating health and wellbeing easier.

We enjoy the important work we do every day in service to our members, partners, colleagues and communities. To learn more about who we are at Point32Health, click here.

Job Summary

The Lead Information Security Analyst collaborates with technology teams and business leaders to ensure that cyber and information security solutions meet both technical and strategic business requirements. This role is pivotal in bridging the gaps between security best practices, the evolving technical landscape, regulatory mandates, and business expectations. Responsibilities include optimizing system configurations, enhancing security processes, ensuring control effectiveness, and improving operational efficiency. The analyst will support the design and ongoing development of cyber and information security processes, engaging regularly with stakeholders at Point32Health and external partners as needed.

Key Responsibilities/Duties – what you will be doing

DUTIES/RESPONSIBILITIES – what you will be doing (top five):

Provides leadership in planning, designing, assessing, and/or implementing strategic security program improvements through:

• Providing advanced information security consultation for all aspects of information security, compliance, policy, risk management, and remediation
• Identifying process improvements and developing plans to meet or exceed security best practices
• Ensure the confidentiality, integrity, and availability of the information residing on or transmitted to/from/through the enterprise’s devices, servers, and other systems and data repositories.
• Providing technical expertise and administration of security solutions, where applicable
• Participate in the design, implementation, and administration of security tools to reduce risk
• Identifying technology trends and evolving social behavior to support the success of the business
• Oversee and maintain system consistency through regular audits
• Provide leadership and education colleagues; participate as an active member of the IT and security community at Point32Health to promote information sharing, respectful challenge, efficiency, control effectiveness, and program quality through continuous improvement
• Create meaningful and detailed metrics based on security needs
• Other duties and projects as assigned.

Qualifications – what you need to perform the job

QUALIFICATIONS – what you need to perform the job

EDUCATION, CERTIFICATION AND LICENSURE:

• Bachelor’s degree preferred

EXPERIENCE (minimum years required):

• 6+ years of progressively responsible leadership in IT, audit, or information/cyber security programs, including at least 4 of those years designing and implementing security program capabilities
• Experience with IT governance and operations; access control analysis; incident response; data analysis and auditing controls; data protection; advance threat protection; identity and access management; integrated technologies with cross-functional impact
• Demonstrated competency in developing effective security solutions to diverse and complex business problems in a cross-functional environment.
• The ability to be a strategic, big picture thinker while possessing the analytical skills and understanding of operational details is essential
• Working knowledge of security controls in multiplatform environments

SKILL REQUIREMENTS:

• Broad knowledge of commonly used information security concepts, best practices, and standards
• Demonstrated expertise is at least two leading security areas, e.g., privileged access management, enterprise identity & access management, cloud architecture, data loss prevention, security information & event manager, incident management, third-party vendor risk assessment, API security, network security, malware prevention, database masking, secure development, application security testing, multi-factor authentication schemes
• Self-directed; expected to identify and lead efforts to correct security controls and/or process improvements
• Strong collaboration, facilitation, and negotiation skills.
• Strong communication skills, both written and verbal.
• Ability to explain complex technical issues to non-technical colleagues and business executives
• Ability to troubleshoot and independently solve problems as they arise
• Familiarity with HIPAA Security Rule and other regulatory requirements
• Proven analytical and problem-solving abilities
• Project and program management planning and organizational skills
• Customer service focused
• Time management and prioritization

WORKING CONDITIONS AND ADDITIONAL REQUIREMENTS (include special requirements, e.g., lifting, travel):

• Must be able to work under normal office conditions and work from home as required.
• Work may require simultaneous use of a telephone/headset and PC/keyboard and sitting for extended durations.
• May be required to work additional hours beyond standard work schedule.

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Management retains the discretion to add to or change the duties of the position at any time.

Compensation & Total Rewards Overview

As part of our comprehensive total rewards program, colleagues are also eligible for variable pay. Eligibility for any bonus, commission, benefits, or any other form of compensation and benefits remains in the Company's sole discretion and may be modified at the Company’s sole discretion, consistent with the law.

Point32Health offers their Colleagues a competitive and comprehensive total rewards package which currently includes:

• Medical, dental and vision coverage

• Retirement plans

• Paid time off

• Employer-paid life and disability insurance with additional buy-up coverage options

• Tuition program

• Well-being benefits

• Full suite of benefits to support career development, individual & family health, and financial health

For more details on our total rewards programs, visit https://www.point32health.org/careers/benefits/

Commitment to Diversity, Equity, Inclusion, Accessibility (DEIA) and Health Equity

​Point32Health is committed to making diversity, equity, inclusion, accessibility and health equity part of everything we do—from product design to the workforce driving that innovation. Our Diversity, Equity, Inclusion, Accessibility (DEIA) and Health Equity team's strategy is deeply connected to our core values and will evolve as the changing nature of work shifts. Programming, events, and an inclusion infrastructure play a role in how we spread cultural awareness, train people leaders on engaging with their teams and provide parameters on how to recruit and retain talented and dynamic talent.  We welcome all applicants and qualified individuals, who will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Scam Alert: Point32Health has recently become aware of job posting scams where unauthorized individuals posing as Point32Health recruiters have placed job advertisements and reached out to potential candidates. These advertisements or individuals may ask the applicant to make a payment. Point32Health would never ask an applicant to make a payment related to a job application or job offer, or to pay for workplace equipment. If you have any concerns about the legitimacy of a job posting or recruiting contact, you may contact TA_operations@point32health.org