**** Direct Client Requirement****
Title: NIST Compliance Security Engineer (State US Gov)
Location: Denver CO
Duration: 12 Months and possible extension
Interview Type: Web Cam Interview
Work Status: Successful applicants must be legally authorized to work in the U.S.
Job Type: C2C, C2H, W2
Experience: 9 YEARS
The Office of Information Technology is seeking an experienced security, risk and compliance professional to identify, define and oversee technical and security related projects that support the operation and maintenance of the Colorado Benefits Management System, PEAK and associated systems. Every three years, CMS requires Medicaid Eligibility & Enrollment Agencies to obtain a new Authority to Connect (ATC). The ATC process includes demonstration of compliance with security and privacy controls and third-party review. This role will support the work effort to review current process and update security plans. This position will also assist with other federal agency audits. This role is a lead contributor in providing senior security project management in order to meet security compliance objectives.
- Address security risk assessment findings and recommendations for two key systems, Colorado Benefits Management System (hosted in AWS and Salesforce) and PEAK (Salesforce)
- Work with the state security team on addressing compliance as well as building the on-going security program to govern risk and compliance.
- Work with vendor security and development staff on controls and procedures to align with policies.
- Interact with the agency program staff on security reporting and security plan maintenance.
- Update security plans to accurately reflect operations and compliance with control objectives
- Manage the definition and implementation of projects to modify systems, infrastructure and process in order to comply with revised standards for security and privacy, including MARS_ E for CMS and publication 1075 for IRS and management of FTI data
- Assist the state and other vendors with updating processes and procedures in support of security plans for Federal Agencies (Social Security Administration, CMS and IRS)
- Provide recommendations for software and hardware configurations to support security standards and setting up a HW/SW asset license management system.
- Recommend changes to the process for planning and validating the application of patches
- Experience with security compliance (NIST 800-53) and technical project management
- Understanding of data governance, including the security requirements for PII, FTI, and PHI.
- Experience with process documentation and process improvement
- Clear Communicator (written and verbal)
- Experienced with using common business applications; such as, Google Docs, Microsoft Office (Word, Excel), Microsoft Project
- Strong analytical and research skills using the Internet and other tools
- Strong verbal communication skills and ability to facilitate a planning session or meeting
- Must be able to work independently and be proactive in reaching for information
- Must be comfortable in an environment with change and many concurrent projects
- Understanding of a government environment and security auditing
- State of Colorado experience
- Experience in the application of commonly accepted concepts and practices specific to the secure design and development of technical documents supporting NIST 800-53
- Salesforce and AWS hosting
- Risk and vulnerability analysis
Estimated Duration: 06/15/2020 – 06/30/2021
**Temporary Remote Work Permitted: Due to COVID-19, the client has agreed to allow the selected candidate to work remotely for the time being. **
Apply here or Please send to firstname.lastname@example.org
Position Keywords: NIST 800-53,project management,Data Governance,PII, FTI, and PHI
Pay Rate: DOE
Job Duration: 12 Months
% Travel Required: None
Job Posted by: Consulting Services
Job ID: OOJ - 2025
Work Authorization: Successful applicants must be legally authorized to work in the U.S