We are looking for Information Security Manager for our client in Boston, MA
Job Title: Information Security Manager
Job Location: Boston, MA
Job Type: Contract – 12 Months / Contract to Hire / Direct Hire
“US citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time.”
The HIX/IES Information Security Manager will be required to perform risk assessments, develop strategies and security controls for all aspects of the MA-HIX system, including:
- Identity & access management
- Infrastructure & operations
- Privacy and data protection
- Security management
- Vulnerability management
- Business continuity
Additional responsibilities include but are not limited to:
- Assure Privacy Policies and Procedures are compliant with the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule, other applicable federal laws and regulations, and applicable State laws and regulations.
- Assure the covered entities business practices are compliant by evaluating procedures against the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule.
- Assure that workforce members are compliant by clarifying the Privacy Policies and Procedures when questionable.
- Ensure implementation of any changes necessary to gain compliance with the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule that are approved by the client.
- Ensure Protected Health Information (PHI) confidentiality requirements are being met.
- Ensure Federal Tax Information (FTI) confidentiality requirements are being met.
- Identify and evaluate technology risks.
- Support the development of information security policies and controls to mitigate risks.
- Work with MA-HIX team to implement security controls
- Work with the Security & Privacy Compliance Manager to develop security work plan estimates
- Assist in reviews of MA-HIX Disaster Recovery Plan
- Represent the MA-HIX team as the security and privacy expert whenever privacy issues or meetings arise.
- Assist with preparations and updates to the Security Risk Assessment, System Security Plan (SSP), Safeguard Security Report (SSR) and other security-related documents.
- Professional collaboration with Commonwealth agencies and 3rd Party service providers in support of the Commonwealth of Massachusetts Health Exchange (MA-HIX) Security Management Program (SMP) objectives.
- Experience with NIST 800-53, HIPAA/HITECH, IRS1075, FEDRAMP, PCI, ITIL, & ISO27K.
- Ability to plan, coordinate, and gain consensus on security related activities including ongoing oversight, monitoring, and measuring success.
- Possess a strong technical background in areas including Enterprise Architecture, Database & Systems Design, n-tier solutions, Cloud Services, Security & Incident Event Monitoring (SIEM), network controls, .Net, and j2ee.
- Support the Risk Management program including gap identification, remediation planning, coordination with stakeholders, and reporting
- Coordinate security controls review and documentation with applicable Commonwealth Agencies and 3rd Party Service Providers
- Perform documentation reviews to ensure adequate security and privacy controls as part of the program Deliverables Review process
- Attend business, technical, and operational meetings, providing security support and representation while ensuring planned activities are not negatively impacting compliance mandates or creating risk exposure.
- Provide security related documentation deliverables for multi-level audiences including Executive Leadership, Business Units, Legal Counsel, and 3rd Party Service Providers.
- Remain vigilant on security threats that may impact the MA-HIX program and surrounding processes.
- Bachelor’s Degree required, Master’s Degree preferred
- Demonstrate knowledge in one or more of the following information security domains:
- Security Governance and Management
- Security Policies and procedures
- Federal, State Privacy Laws
- CMS Minimum Acceptable Risk Standards for Exchanges (MARS-e)
- Tax Information Security Guidelines
- Application security controls
- Identity & Access management
- Risk management
- Privacy and data protection
- Disaster recovery and business continuity
- Familiarity with security technology standards (SAML, XACML, SPML)
- Familiarity with security laws and requirements (NIST, FEDRAMP, IRS1075, HIPAA, HITECH, FISMA, FICAM)
- Experience with internal controls, risk controls, business process, testing, and audits
- Experience in the health care insurance industry is a plus
- Excellent verbal and written communication