CL - Security Architect - Advanced
Ref No.: 17-00212
Location: Columbia, South Carolina
Client: Department of Health and Human Services
Location: Columbia, SC
Duration: 12 Months
Comments: Important Notes -- Please read before submitting candidates:

1 - Candidates are expected to work primarily onsite for the duration of the engagement. Remote work will be approved based upon the manager's discretion. Up to 20% offsite work is possible depending on workload, required meeting attendance, and the quality and timeliness of the work product. (20% of a 40-hour workweek is 8 hours.) We will give preference to candidates with the ability to be onsite within 4 hours during standard business hours.

2 - Resumes should be the work and words of the candidate in order to accurately reflect the candidate's written communication skills.

3 - Candidates with resumes over 5 letter-sized pages will be considered after all other candidates. Shorter resumes which are tailored to show how the candidate's experience directly maps to our needs will result in a greater chance of an interview.

Job Description:
POSITION: Information Security Architect (Advanced)


The SCDHHS Office of Information Assurance (OIA) is responsible for the Security and Compliance of SCDHHS Information Systems and Data. OIA seeks an expert in Information Security Architecture and Solutions Design to assist with the establishment, implementation and/or enhancement of Information Systems Security and Compliance efforts based on State/Agency Policy/Standards and Regulatory Guidance (such as FISMA, NIST, CMS MARS-E, HIPAA, etc.).

Role Summary/Purpose


The Information Security Architect will report to the Office of Information Assurance and operate as an experienced consultant to SCDHHS leadership, business units, business partners and vendors.

Security Program Experience:

Experience with CMS MARS-E or other FISMA Risk Management Framework (RMF) compliant programs is strongly desired and will be given the highest weight. Experience should include well documented success in the performance of security focused processes and procedures supportive of a secure, compliant enterprise architecture.

Experience with development and integration of RMF tasks and artifacts into the System Development Life Cycle (SDLC) is ideal.

Experience in security as related to multi-tenant, cloud services and vendor interface management would be considered desirable for this position.

Technical Knowledge:

Hands-on experience with any or all of the following technologies would be considered desirable for this position:

• IBM System 390/zSeries
• Linux and Windows servers
• Network Firewalls, Intrusion Prevention Systems (IPS), Switching and Routing Infrastructure
• Security Information and Event Management (SIEM) solutions
• Identity and Access Management (IAM) solutions

General Duties and Responsibilities:

1. Assist in the design, development, implementation and/or ongoing maturation of SCDHHS security and compliance solutions.
2. Provide hands-on support of SCDHHS Systems and Software.
3. Participate in audit and assessment of internal agency systems as well as business partner/service provider information systems.
4. Utilize Microsoft Office software suite, eGRC system, Bizagi, Atlassian and other products to document and report on information gathered during Audit and Assessment activities or other OIA efforts.
5. Participate in third-party audits and/or assessments of agency and business partner systems.
6. Collaborate with agency leadership, business partners and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.

REQUIRED CERTIFICATION: ISC(2), ISACA, SANS GIAC, or other similar Information Security Certification is required.

EDUCATION PREFERRED: Bachelor's degree in computer science or similar discipline is preferred.

| Category | Name | Required | Importance | Level | Last Used | Experience |
|---|---|---|---|---|---|---|
| Cloud | Cloud platforms / environments | No | 1 | | | |
| Education | Technical Certifications | Yes | 1 | | | |
| Education | College Degree | No | 1 | | | |
| Miscellaneous | Ability to analyze and document business and system processes using various methods and tools. | Yes | 1 | | | |
| Miscellaneous | Ability to deal effectively with the needs of technical peers, technical and user management, users, vendors, and staff members, and to communicate clearly and effectively in spoken and written form | Yes | 1 | Lead | Currently Using | 4 - 6 Years |
| MMIS - Medicaid Management Information System | HIPAA - The Health Insurance Portability and Accountability Act of 1996 | Yes | 1 | Advanced | | |
| MMIS - Medicaid Management Information System | CMS | No | 1 | | | |
| MMIS - Medicaid Management Information System | Medicaid | No | 1 | | | |
| Network Security | Federal Information Security Management Act (FISMA) | Yes | 1 | Advanced | | |
| Network Security | MARS-E | Yes | 1 | Advanced | | |
| Network Security | Security - Knowledge in networking, databases, systems and Web operations | Yes | 1 | Expert | | 4 - 6 Years |
| Network Security | Security Information Architecture | Yes | 1 | Lead | | 4 - 6 Years |
| Network Security | Security Information Event Management (SIEM) systems development / configuration | Yes | 1 | | | |
| Networking & Directories | Identity Access Management | Yes | 1 | Advanced | | |
| Operating Systems/APIs | Linux | Yes | 1 | Expert | | 4 - 6 Years |
| Operating Systems/APIs | Windows Server | Yes | 1 | Expert | | 4 - 6 Years |
| Operating Systems/APIs | IBM z-Series mainframe | No | 1 | Expert | | 4 - 6 Years |
| Packaged Applications | Microsoft Office Suite | Yes | 1 | Advanced | | |
| Program Management - RUP methodology | Vendor management experience | Yes | 1 | | | |
| Protocols | IPS | No | 1 | | | |
| Protocols | Routing | No | 1 | | | |
| Software Framework | Software development life cycle (SDLC) | Yes | 1 | Expert | | |
| Software Framework | BizAgi | No | 1 | | | |
| Specialties | eGRC solutions | Yes | 1 | | | |
| Specialties | Switches | No | 1 | | | |
Additional Skills:

Required Knowledge/Skills:

1. Must have a strong working knowledge of FISMA, NIST, CMS MARS-E and HIPAA Security and Privacy.
2. Must have deep technical knowledge of secure systems architecture principles, security and compliance tools, data protection and access models.
3. 5+ years of experience in I.T. working with and/or auditing IBM System 390/zSeries, Windows, Linux, networking infrastructure and web-based applications.
4. ISC(2), ISACA, SANS GIAC and/or other Information Security Certification is required.
5. Ability to work independently and as a member of a team.
6. Ability to collaborate and coordinate with multiple teams and vendors.
7. Ability to multitask and prioritize tasks effectively in order to meet deadlines.
8. Experience and training with eGRC solutions.
9. Ability to engage diverse audiences of varying technical and non-technical skill-levels to ensure effective alignment of technical requirements to business objectives.
10. Ability to collaborate and coordinate efforts amongst multiple teams and vendors in fulfillment of SCDHHS OIA initiatives.
11. Ability to multitask and prioritize tasks effectively in order to meet deadlines in a results-oriented environment.
12. Must have intermediate to advanced skills in Microsoft Office products (Word, Excel, PowerPoint, Visio) to include working with templates and style guidelines for branding consistency.
13. Keen attention to detail while maintaining the ability to see the big picture.
14. Ability to absorb, retain and communicate complex processes.
15. Strong English language skills.
16. Demonstrable understanding of the rules of English grammar and usage.
17. Ability to accept changes and constructive criticism and remain flexible in dealing with leadership and teams of varying technical and business knowledge.
Preferred Requirements/Skills:
1. BS degree in computer science or similar discipline.
2. Prior experience working within a FISMA compliant program.
3. Prior experience in working with any eGRC systems.
4. Prior Health Information Technology experience.