NCDHHS- PSO IT Security Specialist st

NC DHHS Privacy and Security Office (PSO) requiring services of an IT Security Compliance Specialist to assist NC FAST Application and Infrastructure Modernization(AIM)

NC DHHS Privacy and Security Office (PSO) requiring services of an IT Security Compliance Specialist to assist and assess the NC FAST Application and Infrastructure Modernization(AIM) CMS USDA and ACF requirements for the project. In addition this resource must also review the RFP MOU and MOA for privacy security Business Continuity Planning Disaster Recovery and audit requirements. This resource must identify the risks and assist in the development of mitigation strategies and to establish the target security / infrastructure architecture.

Duties include are not limited to :

• The ideal candidate for this role plans implements upgrades or monitors security measures for the protection of computer networks and information.

This candidate will be expected to continuously assess the development process and suggest improvements.

Supports the ISSO with the management of system security plans ensure the systems obtain and maintain an authorization to operate (ATO) and meets all requirements for certification and provide support to achieve all activities associated with the Assessment and Authorization (A&A) process.

Provides support and security compliance to meet the security standards for Applications and systems in Cloud environments (AWS or Azure or Google etc.).

Provides Security compliance oversight of information systems security program for applications and systems within the ATO boundary leveraging MARSE NIST and HIPPA Guidelines.

Coordinates with the O&M and Infrastructure team to ensure COTS and other support software is current and compliant with current InfoSec policies; The program participates in the IT Continuous Monitoring Program.

Provides support to Software Developers Engineers and other team members on the optimal methods to meet security requirements while minimizing impact and delays in meeting mission requirements.

Work closely with the Enterprise Architecture (EA) Database Administrator (DBA) Migration and Application Development teams to develop and implement automated Disaster Recovery capabilities including automated alerting notifications containment data backup & recovery.

Partner with EA and Application Development teams to develop Security Event Logging and Monitoring processes.

Perform internal assessments of security controls to ensure compliance with legislation regulation and technical standards with technical teams.

Monitor infrastructure assets and services evaluate application / system components through system compliance examinations and testing utilizing NIST 80053.

Tracks and monitors remediation efforts stemming from IT assessment and financial audits through Plans of Actions and Milestones (POA&Ms) and Correction Action Plans (CAPs) and informing Senior Leadership of security measures in place.

Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.

It is imperative that the candidate possess and apply a comprehensive system security knowledge across key tasks and high impact assignments.

5 years of related work experience

5 years experience providing security compliance requirements for Applications in Cloud environments (AWS or Azure or Google etc.)

5 years experience updating or maintaining SSP / SSPP documents.

5 years experience participating in Assessment & Authorization (A&A / ATO)

5 years experience supporting infrastructure assets and services by proactive monitoring evaluating application / system components through system compliance examinations and testing utilizing NIST 80053

5 years experience providing security engineering review and recommendations.

5 years experience working with large teams in an Agile environment.

5 years ISSO experience

Experience coordinating and working under an ATO.

Experience assessing system modifications such as major and minor releases and potential security impacts.

Experience providing recommendations for improvement to amend vulnerabilities.

Experience assisting Program Managers and Senior Leadership developing Correction Action Plans (CAPs) when responding to IT and Financial audits.

The ideal candidate will have experience working with current and emerging information security technologies privacy and development methodologies. Bachelor s degree in computer science management information systems or related field preferred. Candidate must have security architecture knowledge like TOGAF and MITA. Good analytical and creative problem solving skills and relies on experience and judgment to plan and accomplish goals independently performs a variety of complicated tasks with a wide degree of creativity and latitude is expected.

Required / Desired Skills

Skill

Required / Desired

Amount

of Experience

Experience implementing AWS Security configurations

Required

Years

Experience performing Security Operations Center capabilities such as Logging and Monitoring Incident Handling Disaster Recovery.

Required

Years

Experience providing security compliance requirements for Applications / Systems in Cloud Environments (AWS Azure Google cloud)

Required

Years

Must be able to review & assess MES systems throughout all phases of their life cycle in an effort to identify Privacy Security Architecture

Required

Years

Risk Management must be able to Identify gaps through risk management and assist in the development of mitigation strategies.

Required

Years

Experience updating privacy and security policies based on gaps found through an assessment process.

Required

Years

Experience documenting vulnerability assessment results in a accurate clear actionable and available way to appropriate personnel

Required

Years

Must be able to serve as a knowledge base for organizations as it relates to CMS and state compliance requirements & mitigation strategies.

Required

Years

Experience Performing risk assessments based on NIST 80053 Rev 4. HIPAASSA and IRS Pub 1075.

Required

Years

Experience with network mapping and vulnerability scanning tools such as NESSUS and NMAP.

Required

Years

Experience in reviewing RFP RFQ MOU and MOA for privacy and security architecture requiremetns

Required

Years

Experience in reviewing the Business Continuity plans Disaster Recovery Testing plans based on Federal and State requirements

Required

Years

MITA (Medicaid Information Technology Architecture) Experience

Highly desired

Years

Experience performing DevSecOps Engineering capabilities

Desired

Years

Questions

Question

Question1

Absences greater than two weeks MUST be approved by CAI management in advance and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement

Question2

Remote work is available with the managers approval. Do you accept this requirement

Question3

Please list candidates email address HERE that will be used when submitting ERTR.

Question4

Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.

Question5

Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement

Question6

Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement

Question7

Candidates submitted above the bill rate of XX121.00 may not be considered. Do you accept this requirement