General Duties and Responsibilities:
• Assist in the development, implementation, and/or ongoing maturation of client security and compliance initiatives.
• Audit and assess internal agency systems as well as business partner, service provider, and vendor information system security controls.
• Utilize the Microsoft Office software suite, eGRC system, Bizagi, Atlassian, and other products to document and report on information gathered during audit and assessment activities or other OIA efforts.
• Participate in third-party audits and/or assessments of agency and business partner systems.
• Collaborate with agency leadership, business partners, and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.
• Strong working knowledge of FISMA, NIST, and HIPAA Security and Privacy requirements, standards, and guidelines.
• 5+ years of experience working in the Information Technology field or auditing Information Technology systems or programs.
• (ISC)², ISACA, SANS GIAC, or other similar Information Security Certification is required.
• Documented experience in the creation and maintenance of Risk Management Framework (RMF) and Assessment and Authorization (A&A) artifacts such as System Security Plans, Privacy Impact Assessments, Interconnection Security Agreements, Computer Matching Agreements, and Plans of Action and Milestones.
• Ability to work independently and as a member of a team.
• Ability to multitask and prioritize tasks effectively in order to meet deadlines.
• Ability to engage diverse audiences of varying technical and non-technical skill levels to ensure effective alignment of technical requirements to business objectives.
• Ability to collaborate and coordinate efforts among multiple teams and vendors.
• Must have intermediate to advanced skills in Microsoft Office products (Word, Excel, PowerPoint, Visio) to include working with templates and style guidelines for branding consistency.
• Keen attention to detail while maintaining the ability to see the big picture.
• Ability to absorb, retain, and communicate complex processes.
• Ability to accept changes and constructive criticism and to remain flexible in dealing with leadership and teams of varying technical and business knowledge.
• Bachelor’s degree in computer science or similar discipline.
• Prior Health Information Technology experience.
• Previous Medicaid experience.
• Understanding of LEAN and Agile development practices.