Job ID: TX-5299000005018 (911390617)
Security Analyst (CISSP/CISA/GCIH) with NIST, PCI, HIPAA, ISO and Medicaid/CHIP experience
Location: Austin TX (HHSC)
Duration: 12 months
Positions: 2 (2/2)
4 Experience with the National Institute of Standards Technology (NIST) 800-37 Risk Management Framework and 800-53 Security controls.
4 Supporting various compliance audits including, PCI, SOC, HIPAA and ISO.
4 Data Privacy experience
3 Proven ability to work successfully with technical and non-technical groups, and manage multiple responsibilities
2 Writing Information System Security Plans
Strong Communication, analytical and interpersonal skills at all levels
Strong Ability to work on multiple projects or project assignments
Degree Bachelor’s degree in Computer Science, Systems Engineering or equivalent experience
3 Experience facilitating productive meetings to formulate business requirements and communicate stakeholder needs to technical staff
Industry recognized certification such as CISSP, CISA, GCIH
Knowledge of Medicaid and/or CHIP programs and policy
2 Working with Health and Human Services or other Medicaid centric organizations
The IT Risk Analyst will report to the Director of the Medicaid/CHIP Systems team with assignment to the Information Security team. This team is a part of the Health and Human Services Commission (HHSC) Information Technology.
The IT Risk Analyst will lead the team responsible for elicitation, analysis and documentation of systems and state operations and coordination and facilitation of meetings with Medicaid/CHIP Services (MCS) and IT stakeholders. The team will evaluate over 50 systems to complete the Information Security Program Plan, Information System Security Plans and associated Risk Assessments. The Worker will coordinate with IT and business areas to identify risks, confirm controls, and make recommendations for improvement. The Worker will be responsible for identifying system interdependencies and confirming classification of data in a HIPAA environment. The Worker may serve as team lead over analysts.
This job role will aide in analysis and documentation of systems necessary to complete the Information Security Program Plan and to conduct security risk assessments.
The IT Risk Analyst’s responsibilities include:
• Working with subject matter experts across the MCS system to collect and update business and system data.
• Gathering information on HHS data source systems which interface to MCS systems.
• Completing Information Security Program Plan, Information System Security Plans and associated Risk Assessments using HHS defined security tools to identify risks and confirm current controls.