Position Description
Key Responsibilities:
- Security Strategy Development: Lead the creation and execution of a strategic, comprehensive enterprise Information Security Architecture and design methodology to ensure the protection of information assets.
- Secure Architecture Assessment: Assess the systems, platforms, and programs currently in place and provide risk assessments and recommendations based on them.
- Security Architecture Design: Design and implement secure systems and networks, ensuring they fulfill technical and functional security requirements.
- Secure SDLC Design: Integrate security best practices and methodologies through all phases of the Software Development Life Cycle (SDLC) to ensure secure design, development and deployment of applications.
- Compliance and Standards: Work with compliance and risk teams to ensure adherence to industry standards and regulatory requirements such as ISO 27001, GDPR, HIPAA, SOC 2, etc.
- Threat Modeling: Lead the design and implementation of a threat-modeling program at HMS. Conduct detailed threat modeling to identify potential security issues and vulnerabilities, developing strategies to counteract these risks.
- Penetration Testing: Coordinate and execute penetration testing activities to proactively discover and rectify security weaknesses within the organization's IT environment.
- Building and Maintaining Security Asset Management Platform: Develop and sustain an integrated security asset management platform to ensure a comprehensive understanding and management of all security-related assets. This includes inventory tracking, security posture assessment, and lifecycle management to enhance the organization's security framework.
- Emerging Technology Monitoring: Keep abreast of the latest security technologies and trends, along with potential threats, to continuously improve the security stance of the organization.
- Stakeholder Collaboration: Work closely with IT, compliance, and business units to ensure security measures are aligned with business objectives and operational needs.
Basic Qualifications
- Minimum of seven years’ post-secondary education or relevant work experience
Additional Qualifications and Skills
- Minimum of 5-7 years' experience in an Information Security role, with at least 2-3 years in Security Architecture or a similar capacity.
- Professional security management certification, such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent, is highly preferred.
- Deep knowledge of security protocols, cryptography, authentication, authorization, and overall security.
- Proficiency in cloud Security Architecture and mobile security.
- Expertise in threat modeling, penetration testing, and security asset management.
- Experience designing and implementing enterprise-wide security programs and frameworks.
- Excellent verbal and written communication skills, with the ability to effectively communicate security and risk-related concepts to a broad audience.
- Strong collaboration and influence skills to partner with stakeholders.
- Demonstrated leadership skills and the ability to mentor team members.
Certificates and Licenses
- Completion of Harvard IT Academy Information Security Foundations course (or external equivalent) preferred
- IT Security Certification preferred; e.g., CISSP, CISA/CISM, and/or GIAC
Additional Information
Please note that we are currently conducting a majority of interviews and onboarding remotely and virtually. We appreciate your understanding.
The Harvard Medical School is not able to provide visa sponsorship for this position.
Not ready to apply? Join our talent community to keep in touch and learn about future opportunities! (https://www.gem.com ?formID=16341e35-cbc6-4904-88a3-09b35763307e)
Benefits
- Paid Time Off: 3-4 weeks of accrued vacation time per year (3 weeks for support staff and 4 weeks for administrative/professional staff), 12 accrued sick days per year, 12.5 holidays plus a Winter Recess in December/January, 3 personal days per year (prorated based on date of hire), and up to 12 weeks of paid leave for new parents who are primary caregivers.
- Health and Welfare: Comprehensive medical, dental, and vision benefits, disability and life insurance programs, along with voluntary benefits. Most coverage begins as of your start date.
- Work/Life and Wellness: Child and elder/adult care resources including on-campus childcare centers, Employee Assistance Program, and wellness programs related to stress management, nutrition, meditation, and more.
- Retirement: University-funded retirement plan with contributions from 5% to 15% of eligible compensation, based on age and earnings with full vesting after 3 years of service.
- Tuition Assistance Program: Competitive program including $40 per class at the Harvard Extension School and reduced tuition through other participating Harvard graduate schools.
- Tuition Reimbursement: Program that provides 75% to 90% reimbursement up to $5,250 per calendar year for eligible courses taken at other accredited institutions.
- Professional Development: Programs and classes at little or no cost, including through the Harvard Center for Workplace Development and LinkedIn Learning.
- Commuting and Transportation: Various commuter options handled through the Parking Office, including discounted parking, half-priced public transportation passes and pre-tax transit passes, biking benefits, and more.
- Harvard Facilities Access, Discounts and Perks: Access to Harvard athletic and fitness facilities, libraries, campus events, credit union, and more, as well as discounts to various types of services (legal, financial, etc.) and cultural and leisure activities throughout metro-Boston.
Commitment to Equity, Diversity, Inclusion, and Belonging
https://hms.harvard.edu/about-hms/campus-culture/mission-community-values-diversity-statement