Job ID: VA-689833 (914290811)
Remote Healthcare Security Analyst (CISA/CISSP/CISM/Security+) with HBE, CMS/Medicaid/Medicare, federal data privacy, audit/compliance MARS-E, IRS experience
Location: Richmond VA (SCC)
Duration: 12 months
Hybrid work environment (full telework available)
Skill Required / Desired Amount of Experience
Bachelor’s degree in Computer Science, Business Info. Systems (or equivalent experience) Required
Experience with federal data privacy and security standards specifically related to Centers for Medicare and Medicaid Services (CMS) and the Internal Required
Significant knowledge and experience with data privacy and security standards, and other legal and regulatory and legal compliance standards including Required
Security audit and compliance Required
SCC seeks a Security Compliance Analyst contractor for the Health Benefit Exchange (HBE). This position will work with the SCC’s HBE and, as needed, with the SCC Office of Information Security (OIS) staff to develop a crosswalk of federal data security requirements for a state-based health insurance exchange (e.g., the Centers for Medicare and Medicaid Services’ MARS-E standards) with the Commonwealth’s data security standards (e.g., SEC501, SEC525). The objective is to obtain a clear and thorough analysis of the overlap and potential gaps between the federal data security requirements applicable to a state-based health insurance exchange and the Commonwealth’s IT security requirements. Additionally, this resource will provide review and analysis of technical specifications of a proposed technology solution to support security compliance.
Responsibilities Include:
• Developing crosswalk of federal and state security standards for HBE
• Analyze existing security requirements, standards, and system documentation to conduct a gap analysis.
• Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
Required Skills:
Bachelor’s degree in Computer Science, Business Info. Systems (or equivalent experience)
CISSP, CISA, CISM, Security + or other relevant security-related certification
Experience with federal data privacy and security standards specifically related to Centers for Medicare and Medicaid Services (CMS) and the Internal Revenue Service (IRS)
Significant knowledge and experience with data privacy and security standards, and other legal and regulatory and legal compliance standards including SEC525, SEC501, MARS-E and NIST Cybersecurity Framework
Security audit and compliance
Preferred Skills:
Proven analytical and problem-solving abilities
Ability to present ideas in business-friendly and user-friendly language.
Highly self-motivated and directed.
Ability to conduct research into IT security issues and products as required.