Security Program Office

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
Staff run and maintain the security program based on DHCS requirements provided to IBM as documented within Appendix R:
1) Migrate and transition services from the current security office to IBM
2) Ongoing security risk analysis
3) Update and maintain all security policy and procedure documents in accordance with the in-scope regulatory requirements (such as HIPAA FIPS FISMA FedRamp State of California Privacy Laws)
4) Perform business and security impact analysis on all application development SDN’s or other appropriate change vehicles that meet the requirements as defined in the State SDLC process (Based on Secure by Design for infrastructure and applications)
5) Third party risk management
6) Update and maintain security policy and procedure based on NIST Cyber Security Framework (NIST CSF)

Required Technical and Professional Expertise
Qualifications: shall have a minimum of five (5) years’ experience in computing or related area with a focus on information security technology management and policy; experience in the development and implementation of planning security policy procedure and/or safeguards; extensive knowledge of security administration and computer security tools; successful experience in retrieving analyzing reporting addressing and /or tracking security intrusions and vulnerabilities; demonstrated knowledge in systems design development documentation testing implementation and/or maintenance; demonstrated ability to work effectively with technical and non-technical managerial and professional staff.

In addition the ISO shall possess the following:

• A minimum of two (2) years additional management experience in a government or private sector healthcare payer claims payment processing or in an MMIS environment may substitute for the degree on a year-for-year basis) in Computer Science Computer Information Systems Management Information Systems Business Administration Public Policy Law or a related field;
• Three (3) or more years’ experience in at least three (3) of the following domains in the Certified Information Systems Security Professional certificate:

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

• Proven technical and functional problem solving tracking and resolution skills;
• Ability to manage complex projects;
• Excellent verbal written and presentation communications skills.
• Experience in technology management or information security in both government and healthcare environments; and
• One or more of the following certifications:

1. CISM (Certified Information Security Manager)
2. GIAC (Global Information Assurance Certificate)
3. SSCP (Systems Security Certified Practitioner)
4. CISA (Certified Information Systems Auditor)
5. CISSP (Certified Information Systems Security Professional)

Preferred Technical and Professional Expertise
Qualifications: shall have a minimum of seven (7) years’ experience in computing or related area with a focus on information security technology management and policy; experience in the development and implementation of planning security policy procedure and/or safeguards; extensive knowledge of security administration and computer security tools; successful experience in retrieving analyzing reporting addressing and /or tracking security intrusions and vulnerabilities; demonstrated knowledge in systems design development documentation testing implementation and/or maintenance; demonstrated ability to work effectively with technical and non-technical managerial and professional staff.

In addition the ISO shall possess the following:

• A minimum of four (4) years additional management experience in a government or private sector healthcare payer claims payment processing or in an MMIS environment may substitute for the degree on a year-for-year basis) in Computer Science Computer Information Systems Management Information Systems Business Administration Public Policy Law or a related field;
• Five (5) or more years’ experience in at least three (3) of the following domains in the Certified Information Systems Security Professional certificate:

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

• Proven technical and functional problem solving tracking and resolution skills;
• Ability to manage complex projects;
• Excellent verbal written and presentation communications skills.
• Experience in technology management or information security in both government and healthcare environments; and
• Two or more of the following certifications:

1. CISM (Certified Information Security Manager)
2. GIAC (Global Information Assurance Certificate)
3. SSCP (Systems Security Certified Practitioner)
4. CISA (Certified Information Systems Auditor)
5. CISSP (Certified Information Systems Security Professional)