IT Security - Baystate Health

Req#: R23382
Category(s): Information Technology/Health Information Management, IT Security
Full Time / Part Time: Full-Time
Shift: First


This position reports to the Director of Information Security and is responsible for assisting other security department personnel in maintaining administrative, physical and technical information security safeguards that strengthen our information system posture and better support Baystate's Mission to improve the health of the people in our communities every day, as well as continued progress toward Baystate's Vision of becoming one of the leading health systems in the nation.

Under general guidance of the CISO, the incumbent will conduct incident response investigations, work with Baystate management and Human Resources to ensure appropriate and consistent corrective action, help identify opportunities for improvement, maintain policies and procedures that are designed to be operationally effective and efficient, maintain workforce training programs and awareness communications, and monitor compliance with policies, laws and regulations. The security analyst associate works with members of the IT division to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.

At this level the incumbent is expected to build on their IT knowledge by developing security skills and a basic knowledge of security frameworks such as HIPAA, NIST, ISO or other industry standards that are relevant to Baystate Health.

Job Responsibilities: 

1) Assist in conducting investigations of suspected security and privacy incidents, whether internal or external to Baystate and whether intentional or unintentional, and organize, document and report investigation results within the organization.

2) Assist in administration of Identity and Access Management, including provisioning and deprovisioning of access. Conduct information system user access and activity reviews: Monitor and test application and network activity for assurance that systems of controls are in place and effective, and for compliance with BH policies, state and federal regulations. Information system activity reviews should include, but are not limited to: failed logins by administrators and general users, file accesses, security incident tracking reports, unauthorized software, dormant accounts, abandoned sessions, password sharing, data leakage, unauthorized deletion of corporate data, adequacy of auto-logoff and anti-malware configuration, and misuse of administrator accounts, internet access, remote access, personal use of network storage, etc.

3) Assist in utilizing security tools such as Endpoint Detection and Response, firewall, data loss protection, and privacy audit logging to assist in incident response investigations, monitoring security effectiveness and analyzing the output to suggest security improvements.

4) Assist in researching new threats and vulnerabilities and mitigating administrative, physical and technical safeguards.

5) Assist with identifying, designing and implementing information security projects, providing subject matter expertise to other IT department teams and ensuring that IT division project plans include appropriate security activities.

6) Assist with developing security training, awareness reminders and related communications.

7) Assist with monitoring, assessing and suggesting enhancements to Baystate Health's business continuity and recovery programs.

8) Assist with developing and publishing information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements along with processes that enable implementation.

9) Coordinate investigations with clinical and administrative departments including Human Resources, client department management, Hospital Security, Corporate Compliance, Access and Guest Service Administration, and others as needed.

10) Assist with risk assessments of Baystate Health information and technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of Baystate's information and technology systems.

11) Assist with conducting periodic evaluations of technical and non-technical security safeguards to demonstrate and document compliance with Baystate's security policy and the requirements of the HIPAA Security Rule as required by HIPAA.

12) Assist other security department members working with partner health system departments to identify requirements, using methods that may include risk and business impact assessments.

13) Assist other security department members working with security leadership to develop strategies and plans to enforce security requirements and address identified risks.

14) Assist other security department members advising in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.

15) Assist other department members advising partner and IT division security administrators on normal and exception-based processing of security authorization requests.

16) Assist other security department members planning and conducting penetration testing and vulnerability assessments.

17) Assist other security department members monitoring data loss prevention.

18) Assist other security department members in defining security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.

19) Develop ability to manage malware protection/detection technology including servers and workstations and deliver updates and patches; and manage endpoint encryption (laptops & workstations) and deliver updates and patches.

Required Work Experience: 

1) Three to five years in an IT role, or an equivalent degree or IT security certification

Preferred Work Experience: 

1) Healthcare IT experience preferred

Skills and Competencies: 

1) Ability to develop practical knowledge of malware prevention/detection technologies, handling techniques and patch deployment

You Belong At Baystate

At Baystate Health we know that treating one another with dignity and equity is what elevates respect for our patients and staff. It makes us not just an organization, but also a community where you belong. It is how we advance the care and enhance the lives of all people.



Associate of Arts (Required)


Security+ Certification – CompTIA

Equal Employment Opportunity Employer

Baystate Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, ancestry, age, genetic information, disability, or protected veteran status.
