Job ID: MS-132261 (90090716)3P
Hybrid/Local Security Analyst (CISM/CHP/CISSP) with HIPAA, Patch/Vulnerability Management, EDR/XDR, MS Defender 365, Supply Chain Monitoring, SIEM/SOAR, data modernization/PM, AI/ML development, firewalls, threat hunting, cyber risk experience
Location: Jackson MS (MSDH)
Duration: 12 months
Onsite in MS a minimum of 1 week per month plus during an emergency defined by the State Health Office or as negotiated between the contractor and the agency. Occasional travel with expenses reimbursed. Travel does NOT include relocation or expenses incurred when reporting for onsite work. Expenses are for local required travel only. Start asap, duration likely longer than one year. See attached. No max bill rate. 2 open positions, 2 bids per vendor.
Required Skills/Experience
– Minimum of 5 years’ experience cybersecurity, including 2+ years in leadership
– Must be a Certified Information Security Manager (CISM) or a Certified Information Systems Security Professional (CISSP)
– Must be a Certified HIPAA Professional (CHP)
– Must have technical experience with the following Security Toolset Areas: Patch/Vulnerability Management, EDR/XDR, Microsoft Defender 365, Supply Chain Monitoring, and SIEM/SOAR
– Experience leading or participating in security program development, revision, and continuous improvement activities
Preferred/Not Required
Governmental data modernization or project management experience
AI/ML development expierience in cybersecurity inititives (next-generation firewalls, threat hunting, cyber risk, etc).
Under 45 CFR §164.308, as a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), MSDH is required to identify a Security Officer responsible for the development and implementation of policies and procedures to ensure the integrity of electronic Protected Health Information (ePHI) created, transmitted, received and/or stored by the agency. This individual, designated as the IT Security Officer (ITSO), also is required by the state
Department of Information Technology Services (ITS) under Rule 1.6 of the ITS Enterprise Security Policy. Under this
rule, the ITSO is responsible for:
– Developing and maintaining agency-specific security plans, policies, and procedures.
– Interacting with ITS as the primary contact for security related issues.
– Ensuring MSDH is adhering to the State of Mississippi Enterprise Security Policy.
– Participating in the state information security threat intelligence feeds.
– Researching IT industry for security related issues and how it affects MSDH specifically.
– Monitoring security applications, activity logs, resources and issues within the agency utilizing approved security software and hardware.
– Facilitating the State Auditor’s Information Systems Audit and any Third Party Risk Assessments.
– Manage the agency’s Vulnerability Management and Supply Chain risk programs
4. Scoring Method
Criteria Score Percentage Must equal 100%
Security Policy Development and Implementation Expierience 25
Technical Capability in SIEM, XDR, VM, M365 Defender 35
Security Operations Center (SOC) Implementation Expierience 20
Cybersecurity Incident Response Team (CSIRT) Team Leadership 10
Project Management / Strategy Execution Expierience 10
Location Requirement and R2R.docx