Serve as the primary point of contact (POC) for all program security and privacy issues and requirements, and as incident response lead
Maintain knowledge of customer security requirements, policies and procedures
Accomplish system security human resource objectives by recruiting, selecting, orienting, training, assigning, scheduling, coaching, counseling, and disciplining employees
Develop security policies and procedures
Achieve system security operational objectives by contributing information and recommendations to strategic plans and reviews
Protect computer assets by developing security strategies; directing system control development and access management
Establish system safeguards by directing disaster preparedness development; conducting preparedness tests
Update job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
Manage system security audits
Ensure that the user community understands and adheres to the procedures necessary to maintain security
Requirements
Bachelor's degree in Computer Science or a related technical discipline, or an equivalent combination of education, technical certifications or training, and work experience
10-12 years of directly related experience in Information Assurance
CISSP certification
Strong analytical, oral and written communication skills
Experience with, or knowledge of, the CMS Information Security (IS) Acceptable Risk Safeguards (ARS) and the CMS Information Security and Privacy Library documents
Knowledge of the NIST SP 800 series of Special Publications
Disaster/contingency planning and risk assessment knowledge
Familiarity with information security practices, networks, software, hardware, computer programming, operating systems and desktop packages such as Microsoft Word, Excel, etc.
Working knowledge of system security intrusion detection, incident handling, configuration control, change management, auditing, Assessment and Authorization (A&A), information assurance principles (confidentiality, integrity, non-repudiation, availability, access control), and security testing