Position Title: CyberSecurity Senior Analyst

Reports to: IT Security and Compliance Manager

Location: Boston, MA office(5-10% Domestic Travel)

Position Type: Full-Time

Position Overview

The Cybersecurity Senior Analyst (CSA) assumes a pivotal role in shaping, coordinating, and fortifying the organization’s cybersecurity infrastructure. This individual is instrumental in championing and implementing robust security measures across diverse technological landscapes, including both on-premise and cloud-based systems.

The Cybersecurity Senior Analyst is a highly technical, hands-on individual contributor to the Information Technology (IT) department and subject matter expert. The CSA is responsible for implementing best practice security methods and identifying existing processes within the organization for security improvements where possible. The CSA will work with a team of IT members within the U.S. as well as the Partners In Health (PIH) global care delivery IT members to support and maintain the organization’s security posture. The CSA will be part of a team working towards the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) implementation within the organization. The CSA will lead security implementations across on-premise and Cloud platforms managed and maintained by the PIH IT team.

Responsibilities

• Lead technical evaluation of security technologies that address current and future needs based on emerging threats and industry trends.
• Lead the implementation of a unified identity platform and access management.
• Lead security efforts in bringing PIH in line with NIST CSF framework.
• Design improvements to the security architecture around the organizational environment, applying the principle of least privilege to improve identity and access management.
• Design, manage and maintain monitoring & alerting platform to proactively secure potential risks across the organizational landscape.
• Build automation to manage and maintain security updates across variousapplications, operating systems including vulnerability management.
• Manage and maintain security tools and technologies such as SIEM, EDR, IDS/IPS, firewalls, and antivirus solutions. Configure and fine-tune these tools to maximize their effectiveness in detecting and preventing threats.
• Participate in conducting gap analyses, security and risk assessments with both internal and external stakeholders.
• Coordinate with multiple departments to identify, triage, and remediate gaps in current security posture.
• Work with a variety of security efforts that span areas such as cloud infrastructure, application, system, and network level initiatives.
• Document processes and implementations across the plethora of environments and systems managed by the IT team.
• Responsible for maintaining and maturing the security posture of the organization.
• Respond to and act on security incidents and lead security audits of various platforms utilized across the organization landscape.
• Provide training and awareness programs to educate employees about cybersecurity best practices, policies, and procedures. Promote a culture of security throughout the organization.
• Other duties assigned to ensure the proper functions of the team & meet organizationsneeds as identified.

Qualifications

• Bachelor (4-year) degree, with a technical major, such as engineering or computer science.
• Work experiencein place of Bachelor degree (2years as System Engineer or equivalent).
• 5-8 years of Information Security discipline experience.
• Experiencewith NIST, CIS,CMMC,ISO27001/2, GRC frameworks and their implementation process.
• Certifications related to CSSP, CISSP, CEH.
• Knowledge of Zero Trust model and their implementation process.
• Strong problem-solving skills.
• In-depth knowledge of computer and network systems.
• Ability to travel up to 2-4weeks per year.
• Ability to lift up to 50lbs without assistance.
• Ability to describe technical information in easy-to-understand terms.
• Exemplary interpersonal skills; ability to collaborate effectively with culturally diverse staffacross departments and country.
• Interest in social justice strongly desirable.

Organizational Profile

Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical science first and foremost to the most vulnerable communities around the world. PIH focuses on those who would not otherwise have access to quality health care. PIH partners with the world’s leading academic institutions to create rigorous evidence that shapes more sound and all-inclusive global health policies. PIH also supports local governments’ efforts to build capacity and strengthen national health systems.

As of today, PIH runs programs in 11 countries (Haiti, Kazakhstan, Lesotho, Liberia, Malawi, Mexico, Navajo Nation, Peru, Rwanda, Sierra Leone, United States), where it provides direct care to millions of patients, through public facilities and community engagement.

Partners In Health (PIH) is committed to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of PIH not to discriminate on the basis of race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law. PIH works in and with a number of governments in and outside the U.S., and to the extent applicable, this statement is intended to incorporate the prohibition of any unlawful discrimination covered by applicable laws in such countries, states and municipalities.

Partners In Health participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9.

The pay range for this position at commencement of employment is expected to be between $70,000 and $90,000/year. The starting salary offered may vary depending on multiple individualized factors, including market for the position, job-related knowledge, skills and experience.

Subject to the terms and conditions of the applicable plans then in effect, eligible employees may enroll in a 401(k) plan with employer match, as well as participate in organization-sponsored medical, dental, vision, short-term and long-term disability insurance, and basic life insurance plans for the employee and the employee’s eligible dependents. Full time employees will receive 15 days of vacation, 12 sick days, 3 personal days, and 3 volunteer days in addition to paid time off during the week between Christmas and New Year’s Day, the week of July 4th, and 11 additional holidays annually.