Information Security Manager

Confidential Company  •  Boston, MA
Salary depends on experience
Posted on 12/07/17 by Cynet Systems
IT Consulting/Services

We are looking for an Information Security Manager for our client in Boston, MA.

Job Title: Information Security Manager

Job Location: Boston, MA

Job Type: Contract – 12 Months / Contract to Hire / Direct Hire

“US citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time.”

Job Description:

The HIX/IES Information Security Manager will be required to perform risk assessments, develop strategies and security controls for all aspects of the MA-HIX system, including:

  • Portal
  • Identity & access management
  • Infrastructure & operations
  • Privacy and data protection
  • Security management
  • Vulnerability management
  • Business continuity

Additional responsibilities include but are not limited to:

  • Assure Privacy Policies and Procedures are compliant with the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule, other applicable federal laws and regulations, and applicable State laws and regulations.
  • Assure the covered entities' business practices are compliant by evaluating procedures against the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule.
  • Assure that workforce members are compliant by clarifying the Privacy Policies and Procedures when questionable.
  • Ensure implementation of any changes necessary to gain compliance with the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule that are approved by the client.
  • Ensure Protected Health Information (PHI) confidentiality requirements are being met.
  • Ensure Federal Tax Information (FTI) confidentiality requirements are being met.
  • Identify and evaluate technology risks.
  • Support the development of information security policies for controls to mitigate risks
  • Work with MA-HIX team to implement security controls
  • Work with the Security & Privacy Compliance Manager to develop security work plan estimates
  • Assist in reviews of MA-HIX Disaster Recovery Plan
  • Represent the MA-HIX team as the security and privacy expert whenever privacy issues or meetings arise.
  • Assist with preparations and updates to the Security Risk Assessment, System Security Plan (SSP), Safeguard Security Report (SSR) and other security related documents
  • Professional collaboration with Commonwealth agencies and 3rd Party service providers in support of the Commonwealth Massachusetts Health Exchange (MA-HIX) Security Management Program (SMP) objectives.
  • Experience with NIST 800-53, HIPAA/HITECH, IRS1075, FEDRAMP, PCI, ITIL, & ISO27K.
  • Ability to plan, coordinate, and gain consensus on security related activities including ongoing oversight, monitoring, and measuring success.
  • Possess a strong technical background in areas including Enterprise Architecture, Database & Systems Design, n-tier solutions, Cloud Services, Security & Incident Event Monitoring (SIEM), network controls, .Net, and j2ee.
  • Support the Risk Management program including gap identification, remediation planning, coordination with stakeholders, and reporting
  • Coordinate security controls review and documentation with applicable Commonwealth Agencies and 3rd Party Service Providers
  • Perform documentation reviews to ensure adequate security and privacy controls as part of the program Deliverables Review process
  • Attend business, technical, and operational meetings providing security support and representation while ensuring planned activities are not negatively impacting compliance mandates or creating risk exposure
  • Provide security related documentation deliverables for multi-level audiences including Executive Leadership, Business Units, Legal Counsel, and 3rd Party Service Providers.
  • Remain vigilant on security threats that may impact the MA-HIX program and surrounding processes.


  • Bachelor’s Degree required, Master’s Degree preferred
  • Demonstrate knowledge in one or more of the following information security domains:
  • Security Governance and Management
  • Security Policies and procedures
  • Federal, State Privacy Laws
  • CMS Minimum Acceptable Risk Standards for Exchanges (MARS-e)
  • IRS1075.
  • Tax Information Security Guidelines
  • Application security controls
  • Identity & Access management
  • Risk management
  • Privacy and data protection
  • Disaster recovery and business continuity
  • Familiarity with security technology standards (SAML, XACML, SPML)
  • Familiarity with security laws and requirements (NIST, FEDRAMP, IRS1075, HIPAA, HITECH, FISMA, FICAM)
  • Experience with internal controls, risk controls, business process, testing, and audits
  • Experience in health care insurance industry is a plus
  • Excellent verbal and written communication
