Fallon Technology Jobs


Job Information

Fallon Health Information Security Analyst - Growing Healthcare Organization in Worcester, Massachusetts


About Fallon Health

Founded in 1977, Fallon Health is a leading health care services organization that supports the diverse and changing needs of those we serve. In addition to offering innovative health insurance solutions and a variety of Medicaid and Medicare products, we excel in creating unique health care programs and services that provide coordinated, integrated care for seniors and individuals with complex health needs. Fallon has consistently ranked among the nation’s top health plans, and is accredited by the National Committee for Quality Assurance for its HMO, Medicare Advantage and Medicaid products. For more information, visit fallonhealth.org.

The Information Security Analyst works under the guidance and direction of the Manager, Information Technology Security and Risk and is responsible for proper handling of escalated support calls related to application and database security, participating in cyber security incident response as needed, monitoring application and database access, understanding application exploitation techniques, and providing a strategy to mitigate risk while maintaining intrusion containment.

In addition, this position will be tasked with proactive vulnerability assessment, threat detection, forensic investigation support, and support of systems development and deployment with security best practices.


  • Conduct Application Access reviews with Application owners

  • Prepare and formalize Access review results for testing by Internal and External auditors

  • Document business and IT processes, identify key controls and identify process improvement opportunities.

  • Extract and compile data for audit testing using standard software such as Microsoft Access, Excel, or audit software.

  • Review and assess systems and controls for compliance with policies and regulations, adequacy of design and execution, and security of data and access to identify weaknesses and other areas for improvement.

  • Communicate IT Audit results and recommendations to IT Management

  • Finalize audit reports, incorporating management responses.

  • Promote implementation of best practices to strengthen internal controls.

  • Test various controls, including Application Access Controls.

  • Perform walk-throughs and detailed internal IT testing of controls to determine whether controls are properly designed and operating effectively.

  • Train Application owners in Access review responsibilities

  • Document internal testing exceptions and procedural improvements.

  • Maintain a good working relationship with Enterprise application owners


  • Minimum 3 years’ experience in information security, information technology or related field

  • Working knowledge of information security risk remediation.

  • Experience in security aspects of multiple platforms, programming languages, database technology, software, and networking technology

  • Must be highly skilled and proficient in problem solving, with an aptitude and willingness to learn new technologies

  • Ability to research, review, identify and articulate the potential impact of new or revised technologies or processes on the organization's security posture

  • Strong written and oral communication skills

  • The ability to communicate effectively (clearly, concisely and professionally) with customers, team members and upper management

  • Demonstrated sound judgment and integrity

  • Knowledge of and experience with the NIST Cybersecurity Framework, HIPAA, and PCI-DSS

  • Ability to work collaboratively with a broad range of constituencies.

Associate or Bachelor’s degree in an Information Technology field (dependent upon experience)

CISSP, GCIA, or CISA preferred

Job ID 5699

# Positions 1

Category Information Technology