Job Description

The Executive Office of Health and Human Services is comprised of 11 agencies and the MassHealth program. EOHHS seeks to promote the health, resilience, and independence of the nearly one in three residents of the Commonwealth we serve. Our public health programs touch every community in the Commonwealth. To know more about EOHHS please visit https://www.mass.gov/orgs/executive-office-of-health-and-human-services.

The Incident Response Supervisor will oversee the day-to-day operations of the Incident Response and Forensics teams. Incident Response operations primarily involve liaising with executive leadership, the Commonwealth security operations center and industry peers, detecting and responding to potential security events/incidents, ensuring implementation of technical security controls, and making recommendations for security team planning and projects. Forensic team operations include responding to public record requests, performing employee investigations, forensic preservation of data for litigation, and other duties to support legal staff and the Chief Information Security Officer.

• Develop and maintain the security incident response process, including all required supporting documentation and materials.
• Develop functional requirements for roles that will be involved in the incident response and forensic programs.
• Work with business units, IT, and external parties to ensure that the process is mutually understood and agreed on, and that responsibilities are clear and accepted.
• Initiate incident command and execute decision authority to the extent defined by the incident response plan.
• Act as primary point of contact for Commonwealth Security Operations Center, providing and requesting information as needed to maximize security posture and visibility surrounding potential incidents.
• Organize, participate in and, if required, chair post-incident reviews for presentation to the senior management.
• Lead the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary, reporting to the Deputy Chief Information Security Officer any actual or potential breach in security.
• Lead efforts to further mature Incident Management & Response program through completing gap analyses, and developing robust, supplementary policy and procedure documentation.
• Assist Forensic Analysts with performing e-discovery and employee investigations as required.
• Work closely with Agency Legal Counsel and EOHHS's Legal Counsel.
• Maintain relationships with local, state and federal law enforcement and other related government agencies such as the Attorney General's Office.
• Work with vendors and outside consultants as appropriate for independent security audits and eDiscovery
• Responsible for the timely, accurate and courteous delivery of security services to Agency, Secretariat and Non-Secretariat Staff assuming personal responsibility to assure that all unit business is conducted in a professional and cooperative manner.
• Assume personal responsibility to maintain technical proficiency.
• Responsible for training and supervising activities of all direct reports.
• Responsible for managing forensics projects, incident response practices, software deployment, tools management and other activities critical to maintaining EOHHS's security posture.
• Work with operations teams to ensure change management procedures are used appropriately.

• Act as a technical advisor in the routine use of risk assessments and risk management planning related to the information security features of systems, networks, information technology resources and related administrative activities.
• Maintain global security policies, procedures, standards, guidelines and practices that are compliant with related law, regulation, policy, and professional standards and which ensure ongoing maintenance of security.
• Maintain a system that fosters review and monitoring of risk assessments and risk management planning related to the information security features of systems, networks and information technology resources throughout EHS.
• Responsible for the working with IT operations in the creation of Active Directory security policies, login scripts, groups, access rights, email and user administration.

• A minimum of seven (7) years of experience in IT security/technology
• Prior supervisory experience is a plus but not required.
• Knowledge of methods and motivations adopted by threat actors to coordinate cybersecurity attacks on IT and information systems.
• Knowledge of cybersecurity incident management policies, processes and tools.
• Familiarity with legal requirements for privacy of personal information from employees and constituents.
• Familiarity with standard security policies (AUP, IR plans, etc.).
• Working knowledge of Standards and Regulations (HIPAA, HITECH, Federal 3rd party data).
• Experience with Vulnerability and Penetration Testing, including perimeter security management.
• Knowledge of ITIL processes including but not limited to incident management, problem management, configuration management, and change management.
• Possess a Multi-level Security discipline, including a background in firewall and VPN configuration and management, virus scanning and encryption, Active Directory and access management, scripting (bash, PowerShell), and IT Infrastructure security.
• Hands-on security experience with tools such as (EnCase, FTK, Harvester, etc.) for on-premises and cloud environments.
• Proficiency with computing machine components, memory analysis, and scoping hardware for system requirements.

• A criminal background check will be completed on the recommended candidate as required by the regulations set forth by the Executive Office of Health and Human Services prior to the candidate being hired. For more information, please visit http://www.mass.gov/hhs/cori.

• Education, licensure and certifications will be verified in accordance with the Human Resources Division's Hiring Guidelines.

• Education and license/certification information provided by the selected candidate(s) is subject to the Massachusetts Public Records Law and may be published on the Commonwealth's website.

• If you require assistance with the application/interview process and would like to request an ADA accommodation, please click on the link and complete the ADA Reasonable Accommodation Request Form.

• For questions, please the contact the Office of Human Resources at 1-800-510-4122 and select option #4.