The candidate should have a minimum of seven (7) years of experience in designing and creating Information System Security policy and procedures at the state or federal government levels. A Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification is required for this position. Candidate must have strong demonstrable working knowledge of the Federal Information Security Management Act (FISMA) Information Security Governance Standards, the National Institute of Standards and Technology (NIST) Information Systems and Center for Internet Security (CIS) Risk Management guidelines. This position requires strong demonstrable working knowledge of International Standards Organization (ISO) and HIPAA HITECH security regulations and IEEE Privacy Standards (P7002). Strong demonstrable working knowledge of the Health Insurance Portability and Accountability Act (HIPAA) regulations, knowledge of FedRAMP and SOC II certification requirements and ability to implement security policies for compliance is required. Candidate must have strong working knowledge of best practices regarding physical security evaluations, working knowledge of IT Security best practices regarding Windows and Linux Servers, NIST and CIS guidelines and Federal Information Processing Standard (FIPS) certification requirements regarding the testing, selection, implementation, and management of encryption technologies.
The development, maintenance, and implementation of Federal Information Security Management Act (FISMA)/NIST/CIS based Information System Risk Management methodologies, including but not limited to Risk Analysis Methodologies, Data Classification Analysis, and/or Control Analysis is a requirement for this position. Candidate should have working knowledge of complete CIS based Risk Analysis, be able to provision cost-effective regulatory compliance solutions, and have the ability to examine current internal practices to align them with industry standards.
Candidate will have mid-level security architect responsibilities and should have the ability to oversee system configuration to validate security practices are being executed according to State of Nevada and DPBH ISO guidelines. The ability to conduct security assessments to identify gaps, aid in budget planning and analysis and assist senior leadership in developing roadmaps to more secure systems is required.
The candidate should be a problem solver recommending mitigations for security risks from audit findings, have experience in designing and developing systems with external authentication and federation tools that streamline access and add a layer of security to state-wide solutions, have working experience of managing, implementing and supporting cloud-based applications in Gov cloud solutions, and have the ability to work in a team atmosphere with project and program management with divergent requirements.
Experience interpreting and analyzing state and federal Information Security regulatory requirements, and experience with HIPAA regulatory environments, are requirements for this position.
Candidate will be expected to mentor internal staff on these security processes and improvements.
EXPERIENCE & SKILLS DESIRED
• Additional architecture security certification such as Information Systems Security Architecture Professional (ISSAP) is preferred.
• Additional security certifications such as Certified Information Systems Auditor (CISA), Certified Secure Software Lifecycle Professional (CSSLP), Certified Authorization Professional (CAP), Certified HIPAA Security Professional (CHSP), GIAC HIPAA Security Certificate (GHSC) or Certified HIPAA Security Specialist (CHSS) preferred.
• Strong working knowledge of IT Security Best Practices regarding relational databases preferred.
• Experience writing policy based on industry recognized security frameworks.
• Strong working knowledge of IT Security Best Practices regarding data networks and networking, including but not limited to protocol analysis, anomaly detection, data loss prevention, intrusion prevention/detection and troubleshooting preferred.
• Working experience at the State or Federal Government level is preferred.
• Ability to mentor and train internal staff on security processes and methods for improvement.