Senior Information Technology Security Manager

The Massachusetts Health Connector seeks a Senior Information Technology Security Manager to join our Information Technology (IT) team. The Senior Information Technology Security Manager is responsible for managing MARS-E compliance and day-to-day security operations for the Health Connector, leading Health Connector’s IT security function, and protecting data and infrastructure from new and evolving cybersecurity threats. Additionally, the Senior Information Technology Security Manager will act as a liaison between IT and other functions within the organization as needed. The position reports to the Director of Infrastructure and Security.

Key Responsibilities Include

• Oversee annual third-party assessments of internal IT operations, including cybersecurity incident analysis and response, vulnerability assessments, penetration testing, and an internet security profile
• Review findings from audits and identify and manage vulnerabilities that should be mitigated.
• Manage the Health Connector’s security program, continuously evaluating opportunities to identify, assess, prevent, and respond to security threats, including but not limited to:

Acceptable Use Policy and other Procedures/Standards

Threat and Vulnerability Management

Incident Response Plan

Endpoint Protection

DNS-Layer Content Filtering

CMS and State security compliance

• Create and update security policies, procedures, and tools to protect data and systems.
• Oversee Health Connector vendor adherence to security obligations and MARS-E compliance by reviewing assessments, evaluating responses and findings.
• Serve as primary point of contact for the management and handling of IT and vendor-related security events.
• Partner with HIX security team regarding modifications and maintenance of the Health Connector footprint and compliance, including reporting and audit responses to CMS.
• Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions.
• Interface with other members of the Information Technology team, as well as Legal, Privacy and leaders of business units throughout the Health Connector to share and solicit their involvement in strengthening the enterprise risk posture.
• Oversee the day-to-day security operations, coordinating with various teams internal and external to The Health Connector.
• Maintain a Disaster Recovery framework and oversee implementation of the approach to ensure business continuity, appropriate backup procedures, and preservation of IT assets.
• Supervision of other staff supporting security and compliance.
• Other duties as assigned.

Experience & Qualifications

• A bachelor's degree required. Study disciplines in computer science, information security or a related field preferred.
• 7 – 9 years of experience in a senior security management role, with experience developing and implementing security strategies and frameworks.
• 4 years direct supervisory experience.
• Up-to-date knowledge of emerging security threats, trends and technologies.
• Experience in conducting security audits, risk assessments and managing incident response processes.
• Knowledge of information security program designs and applicable regulatory or statutory compliance, including MARS-E and NIST.
• Deep understanding of cybersecurity, data protection regulations and industry best practices.
• Analytical mindset and strong problem-solving skills to assess risks, analyze complex security issues and develop appropriate solutions.
• Ability to interact at all levels of the organization and demonstrate effective communication in speech and writing.
• Strong leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and senior management.
• Relevant certifications such as CISSP, CISM, or CRISC preferred.

If interested: Send a cover letter and résumé to Connector.Jobs@mass.gov.

Salary: $ 117,000 - $127,000/year

Please note:

• Due to the requirement of 268A, please complete the Applicant Disclosure Form and return it with your application.
• All Health Connector employees are required to provide satisfactory proof of eligibility to work in the United States
• The Health Connector is operating on a hybrid work arrangement with 2 days in the downtown Boston office and 3 days working from home.
• Employee may be requested to work an extended day and weekends to meet deadlines

About the Health Connector:

The Commonwealth Health Insurance Connector Authority (Massachusetts Health Connector) is an independent public authority serving as the Affordable Care Act (ACA)-compliant marketplace for the Commonwealth. The organization is charged with providing subsidized and unsubsidized health insurance to individuals and small employers. The Health Connector also oversees policy development related to health care reform under both state and federal laws, as well as conducting public education and outreach about health care reform and coverage opportunities.

The Health Connector is an equal-opportunity employer that values diversity as a vital characteristic of its workforce. We consider qualified applicants without regard to race, color, religion, gender, sexual identity, gender identity, national origin, or disability.