Security Architect - Consultant

:::::Important Notes -- Please read before submitting candidates:::::

1 - Resumes should be the work and words of the candidate in order to accurately reflect the candidate's written communication skills.

2 - Candidates with resumes over 5 letter-sized pages will be considered after all other candidates, if at all. Shorter resumes which are tailored to show how the candidate's experience directly maps to our needs will result in a greater chance of an interview. This is not a deal breaker if it is over, but it is preferred

3 - Due to budget constraints, the Agency has capped the rate for this position at $110.00.

SCOPE OF THE PROJECT:
The SCDHHS Office of Cybersecurity (OCS) is responsible for the Security and Compliance of SCDHHS Information Systems and Data. OCS seeks an expert in Security Architecture and Solutions Design to assist with the establishment, implementation and/or enhancement of Enterprise Systems Security and Compliance efforts based on State/Agency Policy/Standards and Regulatory Guidance such as FISMA, NIST, CMS MARS-E, HIPAA, etc.)

Daily Duties / Responsibilities:
The Security Architect will report to the Chief Information Security Officer and operate as an experienced consultant to SCDHHS leadership, business units, business partners and vendors.

Security Program Experience:
1. Experience with CMS MARS-E or other FISMA Risk Management Framework (RMF) compliant programs is strongly desired and will be given the highest weight. Experience should include well documented success in the performance of security focused processes and procedures supportive of a secure, compliant enterprise architecture.
2. Experience in security as related to multi-tenant, cloud services and vendor interface management would be considered desirable for this position.

Technical Knowledge:
Hands on experience or working knowledge of any or all of the following technologies and principles:
1. Linux and Windows servers
2. Network Firewalls, Intrusion Prevention Systems (IPS), Switching and Routing Infrastructure
3. Strong understanding of security protocols, cryptography, authentication, authorization and security
4. Vulnerability management and penetration testing
5. Cloud security and technologies
6. Web Application security
7. Knowledge of enterprise internetworking communications

Essential Responsibilities
1. Assist in the design, development, implementation and/or ongoing maturation of SCDHHS security and compliance solutions
2. Review and create Technical Reference Architecture standards
3. Perform Security Impact Analysis and security reviews
4. Review current system security measures and recommend implementation enhancements
5. Consult, advise or oversee the secure design of key IT system and infrastructure projects to ensure alignment with enterprise security architecture.
6. Perform architectural design reviews of complex systems to ensure security standards are being followed using a threat centric approach (Threat Modeling).
7. Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
8. Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.
9. Leads in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures)
10. Assist in the security incident response process as assigned.
11. Collaborate with agency leadership, business partners and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.
12. The Lead Architect plays a key role in determining a road-map for enhancing cybersecurity capabilities at the agency as well as helps implement solutions on that road-map
13. Participate in audit and assessment of internal agency systems as well as business partner/service provider information systems.

Required Skills (rank in order of Importance):
1. 5+ years of experience in information security and/or IT risk management with a focus on security, performance and reliability
2. Must have deep technical knowledge of secure systems architecture principles, security and compliance tools, data protection and access models.
3. Experience in implementing security controls to improve system/platform overall security
4. Ability to engage diverse audiences of varying technical and non-technical skill-levels to ensure effective alignment of technical requirements to business objectives.
5. Ability to multitask and prioritize tasks effectively in order to meet deadlines in a results-oriented environment.
6. Ability to accept changes and constructive criticism and remain flexible in dealing with leadership and teams of varying technical and business knowledge.

Preferred Skills (rank in order of Importance):
1. Prior experience working within a FISMA compliant program.
2. Prior experience in working with any eGRC systems.
3. Prior Health Information Technology experience.
4. Working knowledge of FISMA, NIST, CMS MARS-E and HIPAA Security and Privacy.
5. Experience with cybersecurity tools and technologies
6. Vulnerability management

REQUIRED EDUCATION/CERTIFICATIONS:
ANY ONE OR COMBINATION OF:
• High School or Above

PREFERRED EDUCATION/CERTIFICATIONS:
• BS degree in computer science or similar discipline
• ISC(2), ISACA, SANS GIAC and/or other Information Security Certification
• Certification in an IAM-related product
• Five years of related experience in information systems / security technologies and systems.- and -Demonstrated understanding of the 10 Information System Security domains in the Common Body of Knowledge for CISSP and the 5 Information Security Practice areas and tasks for CISM