Jobs · Engineering · Virginia

IT Security Governance Officer

Commence · Virginia Beach, VA · 2 wk ago
EngineeringFull-time

Requirements

  • Learn, document, and implement Federal and CMS information security controls in compliance with CMS IS2P2, FISMA, FedRAMP, HIPAA, and all applicable CMS security policies and procedures.
  • Disseminate and implement IT policy that aligns with CMS requirements; provide interpretation of current policies in response to inquiries or specific incidents.
  • Oversee the Security Assessment and Authorization (SA&A) process, including development and maintenance of the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and related ATO documentation.
  • Ensure all contractor personnel complete required CMS Information Security Awareness, Privacy, and Records Management training annually; maintain training records per CMS procedures.
  • Manage compliance with CMS encryption standards, FIPS 140 requirements, asset inventory, configuration management, vulnerability scanning, and patch remediation timelines per CMS policy.
  • Serve as primary liaison to CMS on all information security and privacy matters; respond to security incidents within required timeframes and coordinate with the CMS Incident Response Team (IRT) as directed.
  • Oversee Data Use Agreement (DUA) processes and ensure compliance with CMS data access policies through the Enterprise Privacy Policy Engine (EPPE) system.
  • Maintain a complete and current inventory of all IT assets and ensure devices meet CMS and HHS-specific encryption and configuration standards.
  • Support CMS audits, security assessments, and annual performance reviews; allow government access to facilities, systems, and personnel as required.

Qualifications

  • Minimum 5 years of combined work experience, with at least 3 of those years in the healthcare industry supporting either Federal Government agencies or commercial healthcare market in a role such as CIO, Information Technology Manager, Chief Technology Officer, or Network Administrator.
  • Knowledge of the Medicare Fee-for-Service (FFS) program and familiarity with CMS information security requirements, including FISMA, FedRAMP, HIPAA, CMS IS2P2, and the CMS Business Partner System Security Manual (BPSSM).
  • Bachelor's degree in Information Systems, Computer Science, or other related technology field required. Relevant work experience in a related field may be considered in lieu of a bachelor's degree.

Preferred Qualifications

  • Prior IT security governance or CIO-equivalent leadership experience on a CMS contract with demonstrated knowledge of CMS Security Assessment and Authorization (SA&A) processes.
  • Relevant certification such as CISSP, CISM, CISA, or equivalent information security credential.
  • Experience managing FedRAMP authorization packages and working with third-party assessment organizations (3PAOs) for moderate-impact federal systems.
  • Familiarity with CMS esMD, RACDW, IDR, and other CMS-designated data systems used in Medicare medical review operations.

Similar jobs

Security Officer

Lifepoint Health®Hancock, MI· 1 wk ago
Information Technologyapply on jobs.lifepointhealth.net

Security Officer

Securitas Security Services USA, Inc.Solway, MN· 6 days ago
Information Technology$17/hrapply on ekaw.fa.us2.oraclecloud.com

Security Officer

Securitas Security Services USA, Inc.Auburn Hills, MI· 6 days ago
Information Technology$20/hrapply on ekaw.fa.us2.oraclecloud.com

Security Officer

Pacific SecurityMoses Lake, WA· 2 wk ago
Information Technology$17.5–$18.5/hrapply on pacsecurity.exacthire.com

Security Officer

Prairie MeadowsAltoona, IA· 1 wk ago
Information Technology$20/hrapply on workforcenow.adp.com

SECURITY OFFICER

Oneida HealthOneida, NY· 1 wk ago
Information Technologyapply on paycomonline.net