Skip to Main Content


Information Systems Security Officer

Recruitment #24-004490-0003


MHBE is accepting applications for a vacant IT Assistant Director - Information Systems Security Officer Position. The Maryland Health Benefit Exchange is responsible for the administration of Maryland Health Connection the State's health insurance marketplace, under the Patient Protection and Affordable Care Act of2010(ACA).

MHBE works with the Maryland Department of Health, Maryland Insurance Administration, Department of Human Services, and stakeholders statewide. Vision Statement: High-quality, affordable health coverage for all Marylanders. 

Statement: We improve the health and well-being of Marylanders by connecting them with high-quality, affordable health coverage through innovation, technology, and customer service. Values: Diverse & Inclusive, Innovative, Collaborative, & Ethical. For more information on MHBE, please visit our website.




750 East Pratt St., 6th floor, Baltimore, MD 21202

Main Purpose of Job

The Information Systems Security Officer is tasked with developing and executing advanced security strategies that are in harmony with MHBE’s organizational objectives and compliance with regulatory standards such as MARS-E, IRS Publication 1075, and NIST guidelines. The role encompasses conducting risk assessments and security audits to bolster existing security protocols, leading incident response actions, and managing data breaches and recovery operations. Additionally, the officer is responsible for the creation and delivery of staff training programs on cybersecurity awareness and best practices. The role includes oversight of technical defenses like encryption, firewalls, and intrusion detection systems, and managing vendor relationships to ensure adherence to security policies while evaluating third-party services for security risks. By continuously updating security policies and procedures, this position ensures the secure handling of sensitive information throughout the organization, thereby supporting MHBE's commitment to providing secure and accessible health coverage to Marylanders.


1. Oversee Information Security Programs
● Manage and assist with the maintenance of the HBX System Security Plan annually. 
● Implement and oversee managerial, operational, and technical security controls. 
● Assure compliance with MARS-E and IRS Pub1075 security controls. 

2. Governance and Strategic Direction  
● Provide direction, oversight, guidance, and support to MHBE Information System Security Officers. 
● Offer security governance and guidance to internal stakeholders across various departments including IT (Operations, Infrastructure, Applications, DevOps, Network Engineering,               PMO) and Plan Management. 

3. System and Vulnerability Management  
● Direct and review information system vulnerability management activities. 
● Manage information security systems and their components, such as Identity and Access Management Systems, Vulnerability Management Systems, Data Loss Protection, API                   Management Systems, SecDevOps Processes, IAST, SCA, and DSA application components, Firewalls, Perimeter, and Edge Services. 

4. Policy Development and Compliance  
● Review and update information security policies regularly. 
● Support all internal and external audits. 
● Ensure Plan of Actions and Milestones (POA&Ms) are managed and resolved in a timely manner. 

5. Stakeholder Support and Training  
● Provide continuous support to the privacy program as needed. 
● Engage with agency and interagency organizations to facilitate training and understanding of security requirements and protocols. 6. Reporting and Documentation  
● Oversee the preparation and maintenance of security reports and documentation to ensure compliance and facilitate decision making.         


Education: Bachelor's degree from an accredited college or university in Information Technology, Computer Science, Management Information Systems, or other information technology related field.

Experience: Four Years of experience designing, developing, implementing, maintaining and controlling security systems for applications and networks.   


1. Graduation from an accredited high school or possession of a high school equivalency certificate plus thirty credit hours from an accredited college or university in Computer Information Technology, Management Information Systems, Computer Science or other information technology-related field to include course work in database management systems may be substituted for the required education.

** For education obtained outside of the U.S., you will be required to provide proof of the equivalent American education as determined by a foreign credential evaluation service. If you possess a degree obtained outside of the United States, please submit a detailed, course-by-course evaluation report from one of the U.S. equivalency evaluating members identified at


Preference will be given to applicants who possess the following preferred qualification(s). Include clear and specific information on your application regarding your qualifications. 

1. 4 years of experience in advanced security program management, including innovative practices in maintaining and enhancing security measures beyond basic compliance requirements. 

2. 4 years of experience acting as a visionary leader in information security, mentoring and developing future leaders, and executing strategic plans for security governance that anticipate future security needs. 

3. 4 years of experience leading cutting-edge initiatives in vulnerability management that significantly decrease potential security threats and system vulnerabilities through advanced technologies and practices. 

4. 3 years of experience in comprehensive policy development and compliance, including integrating additional relevant standards that advance the organization's security posture. 

5. Strong analytical and problem solving skills. 

6. Excellent communication skills including the ability to understand and communicate technical information to business users, and gather business requirements that can be translated into technical requirements. 

7. Ability to manage multiple critical priorities and tight deadlines.


Employees in this classification may be assigned duties which require the operation of a motor vehicle.

Employees assigned such duties will be required to possess a motor vehicle operator’s license valid in the State of Maryland


Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the eligible (employment) list for at least one year.


The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.


As an employee of the State of Maryland, you will have access to outstanding benefits, including: health insurance, dental, and vision plans offered at a low cost.


Personal Leave - new State employees are awarded six (6) personnel days annually (prorated based on start date). Annual Leave - ten (10) days of accumulated annual leave per year. 
Sick Leave - fifteen (15) days of accumulated sick leave per year.   
Parental Leave - up to sixty (60) days of paid parental leave upon the birth or adoption of a child. 
Holidays - State employees also celebrate at least twelve (12) holidays per year.   
Pension - State employees earn credit towards a retirement pension. Positions may be eligible for telework.


The online application process is STRONGLY preferred. If you are unable to apply online, you may submit a paper application and resume: via email: via mail: MHBE Office of Human Resources 750 E. Pratt St, 6th Floor Baltimore, MD 21202 

Resumes will not be accepted in lieu of completing the online or paper application. 

Applications must be received no later than the close of business on the closing date. 

Appropriate accommodations for individuals with disabilities are available upon request by calling MDTTY Relay Service. TTY Users: call via Maryland Relay. 

As an equal opportunity employer, Maryland is committed to recruiting, retaining, and promoting employees who are reflective of the State's diversity. People with disabilities and bilingual candidates are encouraged to apply. We thank your Veterans for their service to our country and encourage them to apply. 

This employer participates in E-Verify and will provide the federal government with your Form I-9information to confirm that you are authorized to work in the U.S. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact the Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issues before the employer can take any employment action against you.

45 Calvert Street, Annapolis, MD 21401 
300-301 West Preston Street, Baltimore, MD 21201 
Toll Free (800) 705-3493     

Powered by JobAps