Jobs · Information Technology · Virginia

Systems Security Specialist

Commence · Virginia Beach, VA · 2 wk ago
Information TechnologyFull-time

Requirements

  • Comply with CMS system security policies, procedures, and practices as outlined in CMS IS2P2, IOM Pub. 100-17, and the CMS Business Partner System Security Manual (BPSSM).
  • Respond to security breaches and provide CMS with security system updates; report any identified security vulnerabilities and risks in accordance with CMS incident response requirements (within 1 hour of discovery).
  • Designate appropriate levels of security clearance to employees; manage personnel security responsibilities including onboarding documentation and off-boarding procedures per CMS requirements.
  • Conduct or coordinate vulnerability scanning, configuration management, and patch remediation activities in accordance with CMS timelines (critical: 15 days; high: 30 days; medium: 90 days; low: 365 days).
  • Maintain and update the POA&M in CFACTS at least quarterly; support Security Assessment and Authorization (SA&A) activities including SSP, SAR, contingency plan, and ATO maintenance.
  • Ensure all staff complete required CMS training annually; maintain signed Rules of Behavior (ROB) for all employees per CMS policy.
  • Cook with the CMS Incident Response Team (IRT) on all information security incidents and breaches; implement incident response and breach notification procedures in accordance with CMS, OMB M-17-12, and US-CERT requirements.

Qualifications

  • Minimum 5 years of combined work experience, with at least 3 of those years in the healthcare industry supporting either Federal Government agencies or commercial healthcare market in a role such as SSO, Information Technology Specialist, Security Engineer, Information Security Analyst, or Information Systems Technician.
  • Knowledge of the Medicare program and demonstrated familiarity with CMS information security requirements including FISMA, FedRAMP, HIPAA, CMS IS2P2, and IOM Pub. 100-17 (CMS BPSSM).
  • Bachelor’s degree in Information Systems, Computer Science, or other related technology field required. Relevant work experience in a related field may be considered in lieu of a bachelor’s degree.
  • This position is fully dedicated to the contract, operates independently of IT operations, and may not hold responsibility for the operation, maintenance, or development of IT systems.
  • Preferred Qualifications
    • Prior SSO or Information Security Officer experience on a CMS contract with demonstrated knowledge of CMS SA&A processes and CFACTS.
    • Active information security certification such as CISSP, CISM, CISA, Security+, or equivalent recognized by a national information systems security organization.
    • Experience conducting or supporting SCAP-compliant vulnerability scanning, POA&M management in CFACTS, and annual security assessments/penetration testing for federal contractor systems at the FIPS 199 Moderate impact level.
    • Familiarity with CMS esMD, RACDW, and other CMS-designated systems used in Medicare medical review operations; experience managing data protection for PHI/PII under HIPAA and CMS DUA requirements.

Work Environment/Physical Demands

  • The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • This is a remote position. Candidates must be able to sit, read, work on a computer, and watch a computer screen for extended periods of time. Occasionally required to stand, walk, use hands and fingers, kneel or crouch.

About the Role

Manage the Medicare information security program and ensure implementation of necessary safeguards. Assist the CIO in fulfilling compliance with CMS information security requirements and operate independently of IT operations.

Similar jobs

Security Systems Specialist

TaylorMade Golf CompanyCarlsbad, CA· 3 wk ago
Information Technology$30–$33/hrapply on taylormadegolf.wd5.myworkdayjobs.com

Security Systems Specialist

Communications Engineering Company (CEC)De Pere, WI· 1 wk ago
Information Technologyapply on cecinfo.isolvedhire.com