The NC Department of Health and Human Services seeks a highly experienced IT Security Specialist to manage, assist and assess NCFAST compliance with CMS, USDA, ACF, State of NC and DHHS requirements. This resource must manage and review the RFP, MOU and MOA for privacy, security, Business Continuity Planning, and Disaster Recovery based on federal, state and department requirements. This resource must identify the risks, assist in the development of mitigation strategies, and establish the privacy and security architecture using on-premises and cloud infrastructures. Hands-on and security architecture experience (including networking, IAM and IaC in at least one of AWS, Azure and GCP), defining and reviewing Privacy and Security/Information Assurance requirements (and dependencies), and defining and reviewing the Business Continuity Plan and Disaster Recovery Testing plans. Application migration experience from on-premises to cloud IaaS, PaaS and SaaS models. Strong experience in Asset Management and Policy Compliance. Hands-on experience developing mature vulnerability management, including asset management and threat protection. Experience with Policy Compliance requirements. Tasks also include researching best practices for reuse; applying Federal rules, State IT Security, DHHS Privacy and Security policies and industry standards; and defining the process to transition from the current architecture to the target architecture, based on experience in implementing tools and frameworks to support the Agile development process using DevSecOps. The ideal candidate will have experience working with current and emerging information security technologies, privacy and development methodologies, and related Center for Medicaid and Medicare (CMS) requirements. A bachelor's degree in computer science, cloud certification, management information systems, or a related field is preferred.
Candidate must have security architecture knowledge such as TOGAF and MITA and good analytical and creative problem-solving skills, and must rely on experience and judgment to plan and accomplish goals. This role requires leadership skills to independently perform a variety of complicated tasks with a wide degree of creativity and latitude.
Skill | Required / Desired | Amount of Experience
Experience with risk management to identify gaps and assist the development team in implementing mitigation strategies. | Required | 7 Years
Experience updating privacy and security policies based on gaps found through an assessment process. | Required | 4 Years
Experience in NIST 800-53 and HIPAA assessment. | Required | 7 Years
Experience in implementing DevSecOps tools such as Fortify, Checkmarx, Contrast, Imperva. | Required | 3 Years
Experience in implementing best practices for vulnerability management using Qualys and Nessus. | Required | 4 Years
Hands-on experience conducting penetration testing on enterprise web applications using tools such as Burp Suite, Metasploit, WebInspect, etc. | Required | 4 Years
Hands-on experience implementing privacy and security best practices for deploying workloads on AWS, GCP and Azure cloud platforms. | Required | 3 Years
Familiarity with SOC2 Type 2, HITRUST and MARS-E. | Desired | 3 Years
Excellent written English and oral communication skills. | Required |
Knowledge of security architecture such as TOGAF and MITA. | Required |
Demonstrated analytical and creative problem-solving skills. | |