Job Listing Information

Security Architect
  • 20-Jul-2021 to 03-Aug-2021 (UTC)
  • Des Moines, IA, 50319, USA
  • Full Time
  • Long Term Contract Length
  • 40 Weekly Hours

Complete Description:
- The department is seeking an ONSITE security architect to work in conjunction with the Modernization Team and the DHS Information Security and Privacy Office to analyze and document the existing information security environment.
- The Iowa Medicaid Enterprise (IME) is in the initiation phase of an extensive, multi-year technology modernization program.  
- The program's scope includes implementing a modern architecture platform and procurement of several new Medicaid software modules to meet the IME's requirements for managing Medicaid health benefits for over 600,000 Iowa citizens. 
- The migration from the current environment to the future-state platform will involve the modernization or replacement of dozens of legacy systems and applications and the evaluation and modification of hundreds of system-to-system interfaces.
- The department is seeking a security architect to work in conjunction with the Modernization Team and the DHS Information Security and Privacy Office to analyze and document the existing information security environment.  
- In addition, the security architect will lead the effort to define and document DHS security policies and standards, working with commercial software vendors and internal team members to ensure federal, state, and Medicaid regulatory compliance.  
- The Security Architect is responsible for securing enterprise information by determining and documenting security requirements.   
- This position will also lead the effort for planning, implementing, and testing security systems.  
- The Security Architect will also be tasked with preparing security standards, policies and procedures, and mentoring team members and executive staff on security matters. CISSP REQUIRED.

Responsibilities during this engagement include:
- Serve as the Technology Leader for establishing a DHS-wide security framework based on NIST 800-53, federal and state standards, and security industry best practices
- Determine security requirements by completing the following:
  - Adhering to CMS software certification requirements
  - Evaluating business strategies and requirements
  - Researching information security policies and standards
  - Conducting system security and vulnerability analyses and risk assessments
  - Evaluating the systems architecture and identifying integration issues
- Serve as Information Security Subject Matter Expert (SME) while working with a Systems Integrator and software vendors to develop the approach for implementing an enterprise security infrastructure that ensures compliance with standards, policies, and procedures
- Monitor delivery efforts to ensure compliance with standards, policies, and procedures
- Deliver evidence demonstrating that project deliverables meet federal certification requirements
- Improve DHS Incident Response efforts by analyzing existing systems/processes and recommending future technologies and associated processes
- Participate in the RFI/RFP process for systems module selection
- Participate in the procurement process to select a Systems Integrator to execute the DDI phase

A successful candidate for this role is expected to possess the following skills and experience:
- CISSP certification REQUIRED
- Extensive experience designing and implementing enterprise security architectures based on NIST Risk Management Framework (NIST 800-53), state and federal security standards, and security industry best practices
- An extensive understanding of security tools and software products, including Identity Access Management (IAM), Security Incident and Event Management (SIEM), and Cloud Access Security Brokers (CASB)
- In-depth experience in creating, documenting, and implementing enterprise security policies and standards – including enterprise-wide communication and training
- Experience working with large project teams and information security offices to ensure security compliance on large systems integration projects involving business transformation
- Experience delivering in an Agile/iterative delivery environment
- Ability to collaborate effectively with a wide range of personalities and work styles
- Ability to break down complex tasks into actionable work items
- Ability to work independently and communicate effectively

REQUIREMENTS
- Experience working as a Senior Security Architect – REQUIRED 10 YEARS
- Experience leading efforts to develop and implement information security standards and policies – REQUIRED 7 YEARS
- Experience designing security architectures based on a security framework such as NIST Risk Management Framework and federal, state, or industry-specific standards – REQUIRED 7 YEARS
- Demonstrated understanding of security software including IAM, CASB, and SIEM technologies – REQUIRED 7 YEARS
- Experience architecting and implementing secure cloud solutions – REQUIRED 5 YEARS
- Experience analyzing and documenting security requirements for large IT systems containing heterogeneous technologies and multiple systems integrations – REQUIRED 10 YEARS
- Experience working with large project teams to build IT solutions that adhere to multiple industry standards, compliance, regulatory requirements, and technology-based security standards – REQUIRED 10 YEARS
- Excellent task management skills, with the ability to multitask and manage multiple tasks with changing priorities in a cross-functional environment – REQUIRED 12 YEARS
- Demonstrated experience working with business and technical users to explain and prioritize the importance of security compliance – REQUIRED 10 YEARS
- Working experience with Agile Projects – REQUIRED 5 YEARS
- Working experience with FedRAMP – DESIRED 5 YEARS
- Demonstrated experience working in the health insurance and/or Medicaid space – DESIRED 5 YEARS