Posted: February 20, 2025

The Massachusetts Health Connector seeks a Senior Information Technology Security Manager to join our Information Technology (IT) team. The Senior Information Technology Security Manager is responsible for managing MARS-E compliance and day-to-day security operations for the Health Connector, leading Health Connector’s IT security function, and protecting data and infrastructure from new and evolving cybersecurity threats. Additionally, the Senior Information Technology Security Manager will act as a liaison between IT and other functions within the organization as needed. The position reports to the Director of Infrastructure and Security.

Key Responsibilities Include

  • Oversee annual third-party assessments of internal IT operations, including cybersecurity incident analysis and response, vulnerability assessments, penetration testing, and an internet security profile.
  • Review findings from audits and identify and manage vulnerabilities that should be mitigated.
  • Manage the Health Connector’s security program, continuously evaluating opportunities to identify, assess, prevent, and respond to security threats, including but not limited to:
    • Acceptable Use Policy and other Procedures/Standards
    • Threat and Vulnerability Management
    • Incident Response Plan
    • Endpoint Protection
    • DNS-Layer Content Filtering
    • U.S. Centers for Medicare & Medicaid Services (CMS) and State security compliance
  • Create and update security policies, procedures, and tools to protect data and systems.
  • Oversee Health Connector vendor adherence to security obligations and MARS-E compliance by reviewing assessments and evaluating responses and findings.
  • Serve as primary point of contact for the management and handling of IT and vendor-related security events.
  • Partner with state Health Insurance eXchange (HIX) security team regarding modifications and maintenance of the Health Connector footprint and compliance, including reporting and audit responses to CMS.
  • Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions.
  • Interface with other members of the Information Technology team, as well as Legal, Privacy, and leaders of business units throughout the Health Connector, to share and solicit their involvement in strengthening the enterprise risk posture.
  • Oversee the day-to-day security operations, coordinating with various internal and external teams at the Health Connector.
  • Maintain a Disaster Recovery framework and oversee implementation of the approach to ensure business continuity, appropriate backup procedures, and preservation of IT assets.
  • Supervise other staff supporting security and compliance.
  • Other duties as assigned.

Experience and Qualifications

  • A bachelor’s degree is required. Study in computer science, information security, or a related field is preferred.
  • 7–9 years of experience in a senior security management role, with experience developing and implementing security strategies and frameworks.
  • 4+ years direct supervisory experience.
  • Up-to-date knowledge of emerging security threats, trends and technologies.
  • Experience in conducting security audits, risk assessments and managing incident response processes.
  • Knowledge of information security program designs and applicable regulatory or statutory compliance, including MARS-E and NIST.
  • Deep understanding of cybersecurity, data protection regulations and industry best practices.
  • Analytical mindset and strong problem-solving skills to assess risks, analyze complex security issues and develop appropriate solutions.
  • Ability to interact at all levels of the organization and demonstrate effective communication in speech and writing.
  • Strong leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and senior management.
  • Relevant certifications such as CISSP, CISM, or CRISC preferred.


If interested

Send a cover letter and résumé to Connector-jobs@mass.gov.

Salary

$117,000–$127,000/year

Please note

  • Due to the requirement of 268A, please complete the Applicant Disclosure Form and return it with your application.
  • All Health Connector employees are required to provide satisfactory proof of eligibility to work in the United States.
  • The Health Connector is operating on a hybrid work arrangement with 2 days in the downtown Boston office and 3 days working from home.
  • Employees may be requested to work extended days and weekends to meet deadlines.

About the Health Connector

The Commonwealth Health Insurance Connector Authority (Massachusetts Health Connector) is an independent public authority serving as the Affordable Care Act (ACA)-compliant marketplace for the Commonwealth. The organization is charged with providing subsidized and unsubsidized health insurance to individuals and small employers. The Health Connector also oversees policy development related to health care reform under both state and federal laws, as well as conducting public education and outreach about health care reform and coverage opportunities.

The Health Connector is an equal-opportunity employer that values diversity as a vital characteristic of its workforce. We consider qualified applicants without regard to race, color, religion, gender, sexual identity, gender identity, national origin, or disability.