Director Systems Security Ciso

Noridian Administrative Services Fargo , ND 58102

Posted 1 week ago

Job Title

Director System Security

Job Summary

The Director of System Security is responsible for coordinating and monitoring all ongoing activities relating to the development, implementation, and management of the organization's Information Technology (IT) security initiatives to ensure compliance with federal and state laws and regulations, organizational consistency among the company's requirements, compliance with other contractual and industry requirements, and a culture and awareness of compliance. This includes ensuring compliance with Centers for Medicare & Medicaid Services (CMS) information security program and CMS Minimum Security Requirements (CMSRs) as defined in the Acceptable Risk Safeguards (ARS)

Key Performance Indicators

  • Facilitates the Medicare IT system information security program for the organization

  • Ensures the technical and operational information security controls are in place and operating as expected

  • Ensures the organization follows federal, state, and organizational rules and regulations

Essential Functions Key Duties/Responsibilities/Accountabilities

  • Ensures the organization follows CMS Business Partners Systems Security Manual (BPSSM); CMS ARS Controls, CMS Risk Management Handbook, Federal Information Security Management Act of 2002, 44 U.S.C 3541 (FISMA); NIST Special Publications, Federal Information Processing Standards (FIPS) Publications, Security Technical Implementation Guides (STIGs), Health Insurance Portability and Accountability Act (HIPAA), and Health Information Technology for Economic and Clinical Health Act (HITECH)

  • Ensures CMS Authorization to Operate (ATO) remains current and is approved every three years

  • Develops security strategies for the organization and supports the business goals and objectives

  • Maintains the information security documentation in the System Security Profile (System Security Plan, IT Risk Assessment, BCCP, etc.)

  • Reviews and implements applicable IT and security technical direction letters (TDL) and Change Requests (CR)

  • Ensures contract deliverables are provided in the required timeframes (monthly, annually)

  • Manages the development and implementation of the organization's security control framework, which includes security policies, standards, guidelines, and procedures

  • Develop a security configuration management process to ensure security configuration checklists are maintained for all information system components

  • Develops security training for all employees, contractor personnel, and other appropriate third parties

  • Develops and provides training of customized security training, annual security training and other training as necessary

  • Develops and provides guidance and support for security incident response, and the investigation of security, privacy or compliance incidents

  • Reviews compliance of all components with the CMSRs and reports vulnerabilities

  • Engages with the Computer Incident Response Team and assists with assignments for security incident resolution

  • Ensures annual testing of the BCCP and Disaster Recovery and reviews results

  • Directs annual security penetration tests and FISMA Assessments

  • Ensures necessary safeguards are established for identified vulnerabilities and the remediation of vulnerabilities

  • Oversees the monthly Plan of Action and Milestones (POA&M) process

  • Ensures weaknesses, findings, gaps, or other deficiencies are corrected within 90 days of receipt of the final audit or evaluation report

  • Assists in the development and implementation of corrective action plans for areas of non-compliance

  • Cooperates with the independent security control assessment of the system security program in accordance with Section 912 of the MMA

  • Attends bi-annual CMS Security Controls Oversight and Update Training

  • Participates in the information Security Subcommittee, Internal Controls, Control Review Committee and other security meetings as necessary

Non-Essential Duties and Functions

  • Other duties as assigned

Minimum Qualifications

  • Bachelor's degree in Business or Information Systems (IS) OR Associate's degree in Information Systems with 2 years' IT experience

  • 5 years' Experience in Information Systems Security and/or Information Technology Auditing

  • Earns a minimum of 40 hours in continuing education professional education credits each year

  • Working knowledge of auditing theories, practices, and techniques

  • Working knowledge of IS, systems development lifecycle, and security practices

  • Working knowledge of accepted data privacy and security practices and procedures

  • Working knowledge of HIPAA and HITECH requirements

  • Working knowledge of CMS security requirements

  • Understanding of National Institute of Standards and Technology (NIST)

  • Working knowledge of PC software (e.g. Microsoft Office Suite)

  • Maintains current knowledge of applicable standards, laws, rules and regulations, specifically HIPPAA, HITECH, and CMS Acceptable Risk Safeguards

  • Maintains continuing security professional and/or certification requirements

Preferred Qualifications Above requirements and the following:

  • CISSP, CISA, or CISM or equivalent certification

Environment and Cognitive/Physical Demands

  • Office Environment

  • Ability to read, hear, speak, keyboard, reason, communicate effectively and problem solve

  • Requires prolonged sitting and telephone use

  • Requires the use of office equipment such as computer terminals, telephones, copiers and printers

  • Infrequent lifting to 15 pounds

  • Infrequent stooping

Segregation of Duties

Every employee is responsible to perform their duties and responsibilities in accordance with Noridian values, policies and procedures, including but not limited to: Segregation of Duties Principles, HIPAA, Security and Privacy, CMS requirements, the Noridian Compliance Program and any other applicable laws, rules and regulations.

Statement of Other Duties

This document describes the essential functions, requirements, and responsibilities of this job, and is not intended to be a complete list of all tasks and functions. Employees may be requested to perform job related tasks other than those specifically listed in this description and may be required to perform any task requested by the supervisor or management.

CMS Access Compliance and Regulation Contingency Statement

Some positions require compliance with (i) federal and agency specific regulations and related clauses included in Noridian's prime contracts with the Government, (ii) background checks, and (iii) eligibility for a government-issued identification card.

Equal Employment Opportunity

Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities as well as Sexual Orientation or Gender Identity.

Other Information

Job Posting Policy 6.05: New employees with Noridian Healthcare Solutions will be eligible to apply for positions within their assigned department after successfully completing a 90-day review. For positions outside their department, they must attain a minimum of six months of service before they can apply.

This job will be closed 04/29/2019 at 8:00AM CST. No further applications will be considered.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Officer Full Time

Universal Services Of America

Posted 4 days ago

VIEW JOBS 4/16/2019 12:00:00 AM 2019-07-15T00:00 We are North America's leading security services provider with over 200,000 phenomenal employees. At Allied Universal, we pride ourselves on fostering a promote from within culture. There are countless examples of individuals who began their career as Security Professionals and today hold positions on our senior leadership team. In fact, over 65% of our managerial positions are filled by internal candidates. For all full-time positions, we offer medical, dental and vision coverage, life insurance, 401K, employee assistance programs, company discounts, perks and more! We also offer part-time and flexible schedules! Start your phenomenal career with Allied Universal today! Allied Universal is seeking Professional Security Officers. Our Security Officers allow us to contribute to our company's core purpose of providing unparalleled service, systems and solutions to serve, secure and care for the people and businesses of our communities. QUALIFICATIONS/REQUIREMENTS: * Be at least 18 years of age with high school diploma or equivalent * Possess effective written and oral communication and interpersonal skills with ability to deal with all levels of personnel and the general public in a professional and effective manner * Able to obtain a valid guard card/license, as required in the state for which you are applying. * As a condition of employment, employee must successfully complete a background investigation and a drug screen in accordance with all federal, state, and local laws * Display exceptional customer service and communication skills * Have intermediate computer skills to operate innovative, wireless technology at client specific sites * Ability to handle crisis situations at the client site, calmly and efficiently * Able to: * Work in various environments such as cold weather, rain/snow or heat * Occasionally lift or carry up to 40 pounds * Climb stairs, ramps, or ladders occasionally during shift * Stand or walk on various surfaces for long periods of time Allied Universal provides unparalleled service, systems and solutions to the people and business of our communities, and is North America's leading security services provider. With over 200,000 employees, Allied Universal delivers high-quality, tailored solutions, which allows clients to focus on their core business. For more information: We proudly support the Veteran Jobs Mission, a group of over 200 companies that have committed to collectively hiring a total of one million military veterans. EOE/Minorities/Females/Vet/Disability Allied Universal Services is an Equal Opportunity Employer committed to hiring a diverse workforce. Universal Services Of America Fargo ND

Director Systems Security Ciso

Noridian Administrative Services