Job Description :
Security Engineer

Lansing MI

3 Year Contract



SECURITY PROFESSIONAL

JOB SUMMARY

Senior Security Specialist is to provide security Subject Matter Expert (SME) guidance to the Compliance

Office and MDHHS security teams. The Senior Security Specialist will have comprehensive understanding of

State and Federal security and privacy requirements including NIST 800.53 and IRS Pub 1075, and SSA.

Additionally, the Security Specialist will assist in the coordination of security related assignments needed to

maintain State and Federal compliance within the State of Michigan.

PRIMARY RESPONSIBILITIES

Assist the MDHH security team as the security SME for the monthly, quarterly, annual and tri-annual

security reports and deliverables needed to maintain compliance with State and Federal regulations

with CMS, and IRS.

Provide security and Privacy training and mentoring to the MDHHS team.

Coordinate, participate, and/or facilitate meetings necessary to support technical and business

needs related to Medicaid Security, PSP’s, and compliance.

Assist with internal and external security and privacy audits and assessments.

Review of State PSP’s and Federal regulations for gaps in Medicaid security and privacy compliance.

Participate as assigned with the review and recommendation of Security and Risk Assessments.

Cooperate with leadership in identifying critical issues for Annual Security and Privacy Planning

Provide support to project teams as assigned to support security and privacy compliance.

Collaborate and assist with the alignment of security and privacy plans across all Medicaid parties.



MINIMUM QUALIFICATIONS

IT Security and Compliance across industries, with particular specialization in customer and patient

privacy protection.

Upwardly mobile with strong ability, demonstrated performance, focus on detail, and unwavering

dedication.

Understands and is familiar with FISMA, FFIEC, HIPAA, COBIT, SOX, GLBA, PCI, NIST, ISO 27001,

FedRamp and 27002 standards, IT Governance, Risk, Compliance (GRC), IT Security policies and