IT ASSISTANT DIRECTOR I
Information Systems Security Officer
Recruitment #24-004490-0003
Department | MD Health Benefit Exchange |
---|---|
Date Opened | 6/12/2024 12:00:00 PM |
Filing Deadline | 6/26/2024 11:59:00 PM |
Salary | $73,787.00 - $123,760.00/year |
Employment Type |
Full-Time
|
HR Analyst | Joshua Powell |
Work Location |
Baltimore City
|
Telework Eligible | Yes |
Introduction
MHBE is accepting applications for a vacant IT Assistant Director - Information Systems Security Officer Position. The Maryland Health Benefit Exchange is responsible for the administration of Maryland Health Connection the State's health insurance marketplace, under the Patient Protection and Affordable Care Act of2010(ACA).
MHBE works with the Maryland Department of Health, Maryland Insurance Administration, Department of Human Services, and stakeholders statewide. Vision Statement: High-quality, affordable health coverage for all Marylanders.
Statement: We improve the health and well-being of Marylanders by connecting them with high-quality, affordable health coverage through innovation, technology, and customer service. Values: Diverse & Inclusive, Innovative, Collaborative, & Ethical. For more information on MHBE, please visit our website.
GRADE
20
LOCATION OF POSITION
750 East Pratt St., 6th floor, Baltimore, MD 21202
Main Purpose of Job
The Information Systems Security Officer is tasked with developing and executing advanced security strategies that are in harmony with MHBE’s organizational objectives and compliance with regulatory standards such as MARS-E, IRS Publication 1075, and NIST guidelines. The role encompasses conducting risk assessments and security audits to bolster existing security protocols, leading incident response actions, and managing data breaches and recovery operations. Additionally, the officer is responsible for the creation and delivery of staff training programs on cybersecurity awareness and best practices. The role includes oversight of technical defenses like encryption, firewalls, and intrusion detection systems, and managing vendor relationships to ensure adherence to security policies while evaluating third-party services for security risks. By continuously updating security policies and procedures, this position ensures the secure handling of sensitive information throughout the organization, thereby supporting MHBE's commitment to providing secure and accessible health coverage to Marylanders.
POSITION DUTIES
1.
Oversee Information Security
Programs
●
Manage and assist with the
maintenance of the HBX System Security Plan annually.
●
Implement and oversee
managerial, operational, and technical security controls.
●
Assure compliance with MARS-E
and IRS Pub1075 security controls.
2.
Governance and Strategic
Direction
●
Provide direction, oversight,
guidance, and support to MHBE Information System Security Officers.
●
Offer security governance and
guidance to internal stakeholders across various departments including IT
(Operations, Infrastructure, Applications, DevOps, Network Engineering, PMO)
and Plan Management.
3.
System and Vulnerability
Management
●
Direct and review information
system vulnerability management activities.
●
Manage information security
systems and their components, such as Identity and Access Management Systems,
Vulnerability Management Systems, Data Loss Protection, API Management Systems,
SecDevOps Processes, IAST, SCA, and DSA application components, Firewalls,
Perimeter, and Edge Services.
4.
Policy Development and
Compliance
●
Review and update information
security policies regularly.
●
Support all internal and
external audits.
●
Ensure Plan of Actions and
Milestones (POA&Ms) are managed and resolved in a timely manner.
5.
Stakeholder Support and
Training
●
Provide continuous support to
the privacy program as needed.
●
Engage with agency and
interagency organizations to facilitate training and understanding of security
requirements and protocols.
6.
Reporting and Documentation
● Oversee the preparation and maintenance of security
reports and documentation to ensure compliance and facilitate decision making.
MINIMUM QUALIFICATIONS
Education: Bachelor's degree from an accredited college
or university in Information Technology, Computer Science, Management
Information Systems, or other information technology related field.
Experience: Four Years of experience designing, developing,
implementing, maintaining and controlling security systems for applications and
networks.
NOTES:
1. Graduation from an accredited high school or possession
of a high school equivalency certificate plus thirty credit hours from an
accredited college or university in Computer Information Technology, Management
Information Systems, Computer Science or other information technology-related
field to include course work in database management systems may be substituted
for the required education.
**
For education obtained outside of the U.S., you will be required to provide
proof of the equivalent American education as determined by a foreign
credential evaluation service. If you possess a degree obtained outside of the
United States, please submit a detailed, course-by-course evaluation report
from one of the U.S. equivalency evaluating members identified at http://www.naces.org/members.html
DESIRED OR PREFERRED QUALIFICATIONS
Preference will be given to applicants who possess the following preferred qualification(s). Include clear and specific information on your application regarding your qualifications.
1. 4 years of experience in advanced security program
management, including innovative practices in maintaining and enhancing
security measures beyond basic compliance requirements.
2.
4 years of experience acting as a visionary
leader in information security, mentoring and developing future leaders, and
executing strategic plans for security governance that anticipate future
security needs.
3.
4 years of experience leading cutting-edge
initiatives in vulnerability management that significantly decrease potential
security threats and system vulnerabilities through advanced technologies and
practices.
4.
3 years of experience in comprehensive policy
development and compliance, including integrating additional relevant standards
that advance the organization's security posture.
5.
Strong analytical and problem solving skills.
6.
Excellent communication skills including the ability to
understand and communicate technical information to business users, and gather
business requirements that can be translated into technical requirements.
7.
Ability to manage multiple critical priorities and
tight deadlines.
LICENSES, REGISTRATIONS AND CERTIFICATIONS
Employees in this classification may be assigned duties which require the operation of a motor vehicle.
Employees assigned such duties will be required to possess a motor vehicle operator’s license valid in the State of Maryland
SELECTION PROCESS
Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the eligible (employment) list for at least one year.
EXAMINATION PROCESS
The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.
BENEFITS
As an employee of the State of Maryland, you will have access to outstanding benefits, including: health insurance, dental, and vision plans offered at a low cost.
CLICK ON THIS LINK FOR MORE DETAILS: STATE OF MARYLAND BENEFITS
Personal Leave - new State employees are awarded six (6) personnel days annually (prorated based on start date).
Annual Leave - ten (10) days of accumulated annual leave per year.
Sick Leave - fifteen (15) days of accumulated sick leave per year.
Parental Leave - up to sixty (60) days of paid parental leave upon the birth or adoption of a child.
Holidays - State employees also celebrate at least twelve (12) holidays per year.
Pension - State employees earn credit towards a retirement pension.
Positions may be eligible for telework.
FURTHER INSTRUCTIONS
The online application process is STRONGLY preferred. If you are unable to apply online, you may submit a paper application and resume: via email: Joshua.powell@maryland.gov
via mail: MHBE Office of Human Resources 750 E. Pratt St, 6th Floor Baltimore, MD 21202
Resumes will not be accepted in lieu of completing the online or paper application.
Applications must be received no later than the close of business on the closing date.
Appropriate accommodations for individuals with disabilities are available upon request by calling MDTTY Relay Service. TTY Users: call via Maryland Relay.
As an equal opportunity employer, Maryland is committed to recruiting, retaining, and promoting employees who are reflective of the State's diversity. People with disabilities and bilingual candidates are encouraged to apply.
We thank your Veterans for their service to our country and encourage them to apply.
This employer participates in E-Verify and will provide the federal government with your Form I-9information to confirm that you are authorized to work in the U.S. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact the Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issues before the employer can take any employment action against you.
45 Calvert Street, Annapolis, MD 21401
300-301 West Preston Street, Baltimore, MD 21201
Toll Free (800) 705-3493