Information Security Manager


Boston, MA

Industry: IT Consulting/Services


Posted 368 days ago by Cynet Systems

This job is no longer available.

We are looking for an Information Security Manager for our client in Boston, MA.

Job Title: Information Security Manager

Job Location: Boston, MA

Job Type: Contract – 12 Months / Contract to Hire / Direct Hire

“US citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time.”

Job Description:

The HIX/IES Information Security Manager will be required to perform risk assessments, develop strategies and security controls for all aspects of the MA-HIX system, including:

  • Portal
  • Identity & access management
  • Infrastructure & operations
  • Privacy and data protection
  • Security management
  • Vulnerability management
  • Business continuity

Additional responsibilities include but are not limited to:

  • Assure Privacy Policies and Procedures are compliant with the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule, other applicable federal laws and regulations, and applicable State laws and regulations.
  • Assure the covered entities' business practices are compliant by evaluating procedures against the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule.
  • Assure that workforce members are compliant by clarifying the Privacy Policies and Procedures when questionable.
  • Ensure implementation of any changes necessary to gain compliance with the CMS Minimum Acceptable Risk Standards (MARS-e), IRS Safeguards, HIPAA Privacy Rule that are approved by the client.
  • Ensure Protected Health Information (PHI) confidentiality requirements are being met.
  • Ensure Federal Tax Information (FTI) confidentiality requirements are being met.
  • Identify and evaluate technology risks.
  • Support the development of information security policies for controls to mitigate risks
  • Work with MA-HIX team to implement security controls
  • Work with the Security & Privacy Compliance Manager to develop security work plan estimates
  • Assist in reviews of MA-HIX Disaster Recovery Plan
  • Represent the MA-HIX team as the security and privacy expert whenever privacy issues or meetings arise.
  • Assist with preparations and updates to the Security Risk Assessment, System Security Plan (SSP), Safeguard Security Report (SSR) and other security related documents
  • Professional collaboration with Commonwealth agencies and 3rd Party service providers in support of the Commonwealth Massachusetts Health Exchange (MA-HIX) Security Management Program (SMP) objectives.
  • Experience with NIST 800-53, HIPAA/HITECH, IRS1075, FEDRAMP, PCI, ITIL, & ISO27K.
  • Ability to plan, coordinate, and gain consensus on security related activities including ongoing oversight, monitoring, and measuring success.
  • Possess a strong technical background in areas including Enterprise Architecture, Database & Systems Design, n-tier solutions, Cloud Services, Security & Incident Event Monitoring (SIEM), network controls, .Net, and j2ee.
  • Support the Risk Management program including gap identification, remediation planning, coordination with stakeholders, and reporting
  • Coordinate security controls review and documentation with applicable Commonwealth Agencies and 3rd Party Service Providers
  • Perform documentation reviews to ensure adequate security and privacy controls as part of the program Deliverables Review process
  • Attend business, technical, and operational meetings providing security support and representation while ensuring planned activities are not negatively impacting compliance mandates or creating risk exposure
  • Provide security related documentation deliverables for multi-level audiences including Executive Leadership, Business Units, Legal Counsel, and 3rd Party Service Providers.
  • Remain vigilant on security threats that may impact the MA-HIX program and surrounding processes.


  • Bachelor’s Degree required, Master’s Degree preferred
  • Demonstrate knowledge in one or more of the following information security domains:
  • Security Governance and Management
  • Security Policies and procedures
  • Federal, State Privacy Laws
  • CMS Minimum Acceptable Risk Standards for Exchanges (MARS-e)
  • IRS1075.
  • Tax Information Security Guidelines
  • Application security controls
  • Identity & Access management
  • Risk management
  • Privacy and data protection
  • Disaster recovery and business continuity
  • Familiarity with security technology standards (SAML, XACML, SPML)
  • Familiarity with security laws and requirements (NIST, FEDRAMP, IRS1075, HIPAA, HITECH, FISMA, FICAM)
  • Experience with internal controls, risk controls, business process, testing, and audits
  • Experience in the health care insurance industry is a plus
  • Excellent verbal and written communication