Title: Information Security Architect
Location: Denver, CO
Duration: 06 Months
Client: State of Colorado
Job Description:
CDE IDM Replacement / Upgrade recommendations for RFP assistance project
· The Colorado Department of Education (hereafter referred to as “CDE” or “the Department”) is contracting with uWork.com, dba Covendis, 200 Walker St. SW, Unit B, Atlanta, GA 30313, to provide an Information Security Architect, Contractor name, Vendor Name (the “Contractor”). The Contractor shall assess the existing Identity Management system (IDM) in support of the Statewide Longitudinal Data Systems (SLDS) federal grant to assure that education data is protected appropriately.
· CDE received the grant award in 2020, and it will continue through February of 2025. The early years of the grant focused on two use care areas, Adult Education (AE) and Concurrent Enrollment (CE) and has now shifted to the operationalization of those efforts including underlying components like the identity management system.
· The Colorado Department of Education Identity Management system (IDM) has been in place since 2009 and provides Local Education Agencies (LEAs) with a means of administering and maintaining user access to integrated CDE data systems. IDM also helps ensure adequate protection of student-level data that is received, collected, developed, and used by the Colorado Department of Education, in compliance with the Family Educational Rights and Privacy Act (FERPA). CDE's Identity Management process streamlines the user authentication and authorization process for CDE data systems and enhances the security to student-level data. It automates the user registration, approval, and password reset processes and provides districts and administrative units with the ability to maintain users via a Delegated Administration model.
The current Colorado Department of Education (CDE) identity management system was implemented the Oracle Identity Management Suite. The software components include:
· Oracle Internet Directory (OID)
· Oracle Access Manager (OAM)
· Oracle Identity Manager (OIM)
· Current system is based on the following high-level specifications:
· Implementation of multiple organizations (e.g. each school district) and user-ids
· Integration of OAM/SSO and Key CDE Applications:
· Data Pipeline (District Data Collection System)
· COGNOS (Colorado Education Data Analysis and Reporting (CEDAR))
· RITS (Record Integration Tracking System, Unique Student Identification application) EDIS (Educator Data Integration System) J2EE Application
· Develop OIM Connectors
· RITS / EDIS J2EE Application
· Others, as needed for the key applications
· Create a delegated administration environment for data custodians using Oracle Identity Manager to provision, de-provision, and manage the user accounts associated with the CDE key applications
· OAM Self-Service Password Reset Functionality
· High Availability (HA) architecture
· The CDE seeks to upgrade and or replace the current identity management system through a technology upgrade that could include architectural changes where the authorization work is pushed to respective applications as opposed to a Delegated Administration model. The application support is both in-house and outsourced to vendor-supported systems that interface with the identity management system through SAML XML.
· For this project, CDE not only requires an individual with strong knowledge of Identity Management Systems, and best practices, but also someone familiar with architecture and implementation of Identity Management systems.
General Requirements
· Contractor shall work closely and collaboratively with the Department’s Project Manager throughout the duration of the Purchase Order to discuss suggestions or issues and incorporate guidance from the Department while performing the work described within this Statement of Work.
· Contractor shall alert the Project Manager, when issues or potential risks are encountered that will affect the project.
· Contractor shall submit periodic status reports or participate in weekly status meetings as required by the Department during the engagement.
· Contractor shall coordinate and prioritize all work to ensure that all deliverables and deadlines are met.
· Contractor shall employ an internal quality control process to ensure that all deliverables are complete, accurate, easy to understand, and of high quality.
· Contractor shall provide deliverables that, at a minimum, are responsive to the specific requirements of this Statement of Work, organized into a logical order, contain no spelling or grammatical errors, formatted uniformly, and contain accurate information and correct calculations.
· Contractor shall submit each deliverable to the Department’s Project Manager for review and approval.
· Contractor shall retain all work papers generated for reference through the duration of the project and project acceptance.
· Contractor shall participate in the review and revision process until the Department provides written acceptance of the deliverable.
· Contractor shall research, document, and share any documentation as requested by the Department.
· Contractor shall provide copies of any supporting documentation to the Department upon request of the Department and without charge.
· Contractor shall assist the Department with planning, scheduling, and facilitating meetings within CDE; with other State of Colorado Agencies; and with other states, as needed.
· Contractor shall serve as a subject matter expert (SME) and mentor for CDE designated employees.
· Contractor shall respond to all telephone calls, voice mails and e-mail inquiries from the Department within one business day.
· Contractor shall enable all Contractor staff to exchange documents and electronic files with the Department in formats compatible with the Department’s systems. The Department currently uses Microsoft Office 365.
· Additional consulting projects as requested by the Department.
Project Requirements:
· Provide expert Identity management systems consulting services.
· Contractor shall join the SLDS project team and interview necessary subject matter experts to understand the current IDM system and how best to upgrade the system.
· Contractor shall review current architecture, business rules and application requirements.
· Contractor shall develop a new high-level architecture and design for the new identity management system, based on current industry direction, which shall include all changes to the base requirements.
· Contractor shall develop a roadmap that includes a timeline, milestones tasks and budget for the implementation of a new identity management system.
· Contractor shall assist in the development of an RFP using the information gathered in the discovery and design work to include requirements, timeline and budget.
· All deliverables will be submitted in draft form to SLDS Project Manager on the deliverable dates defined below. There will be 1 week allowed for CDE review and approval of draft plans. Plans are not limited to the plans defined below. There may be additional deliverables identified as the project progresses.