JOB DESCRIPTION AND ADDITIONAL DETAILS:
|Position Description||A Security Control Assessor (SCA or SCAR) resource will assist the Medicaid CISO in the assessment of security policies, procedures, templates, standards, guidelines, etc. The SCAR resource will perform third-party security assessments of Security and Privacy control implementations per Agency Security policy, Federal Regulations, and industry standards. This resource will also interface with external audit teams as audits are performed against Medicaid systems. Specific responsibilities include:
– Interfaces with assessors and auditors as well as Medicaid Stakeholders, IT Personnel, system vendors, and service providers to facilitate senior leadership knowledge of organizational risk levels, the development of system security documentation, and reporting requirements.
– Ensures, through documentation, reporting, and communications with Medicaid Stakeholders, IT Personnel, system vendors, and service providers, that protection and detection capabilities are acquired and developed consistent with the organization-level Security Architecture and Security Policies and Standards, and prioritizes vulnerability remediation efforts according to organizational and security strategies.
– Evaluates and provides feedback on development efforts through the use of Security Assessment reports, in conjunction with the Medicaid Technical Security Assessment team, to ensure that baseline security safeguards are appropriately implemented.
– Advises the Chief Information Security Officer and vendor Information Security personnel on risk levels and security posture of information security program policies, procedures, and technological implementations.
– Plans and conducts security authorization reviews for initial installation of software applications, systems, and networks as well as security authorization reviews as part of agency and vendor continuous monitoring programs.
– Inspects continuous monitoring results to confirm that the level of risk is within acceptable limits for the software application, network, or system.
– Provides an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant information assurance (IA) compliance requirements.
– Reviews organizational and vendor system designs to provide input on security requirements and evaluates associated proposed security architectures and designs to ensure that architectures and designs adequately meet requirements.|
|Skills Required||Middle-level management. Works under general direction of senior-level management. Typically manages and mentors supervisors, project leads and/or technical staff. Works on multiple, complex projects as a project leader and subject matter expert. Frequently reports to a Corporate Security Officer, Chief Information Security Officer, Chief Technology Officer or IT Chief Operating Officer.|
|Experience Required||7 to 10 years of IT work experience with a broad range of exposure to all aspects of business planning, systems analysis and applications development. Experience with managing team(s) and project(s) for information security management.|
|Education Required||Bachelor’s Degree in Computer Science, Information Systems, or other related field, or equivalent work experience.|
|Additional Information||– Will work onsite in Montgomery, AL. No remote work is currently being considered.
– Must be either a United States citizen or a current Green Card holder.|