Health Management Systems, Inc. Federal Information Security Analyst III in Irving, Texas
HMS makes the healthcare system work better for everyone. We fight fraud, waste, and abuse so people have access to healthcare—now and in the future. Using innovative technology and powerful data analytics, we help government and commercial payers reduce costs, increase quality, and achieve regulatory compliance. We also help consumers take a more active role in their own health. Each year, we save our clients billions of dollars while helping people live healthier lives. At HMS, you will develop new skills and build your career in a dynamic industry while making a difference in the lives of others.
We are seeking a talented individual for a Federal Information Security Analyst III position to identify and report information technology threats. Identify and demonstrate risk realization of possible exploits within the Information Technology and application infrastructure to enable the enhancement of the overall security posture of the organization. Conduct formal assessments on both application and Information Technology environments throughout the organization, documenting assessment plans and the results of assessment activities. Respond to information security-related questions and inquiries using established information security tools and procedures. Work closely with a wide range of audiences, including Security Infrastructure, Audit & Risk Liaisons, the various technical teams from Legal and HR to IT experts and other IT personnel, business and clients to meet these objectives.
Ensures compliance with the CMS information security program.
Facilitating Medicare IT system information security program and ensuring that the necessary safeguards are in place and working.
Coordinate information system security activities throughout the organization.
Ensure Federal security controls are incorporated into new IT systems.
Coordinate with regulatory agencies to maintain compliance.
Participate in audits when required.
Ensuring that technical and operational information security controls are incorporated into new IT systems by participating in all business planning groups and reviewing all new systems/installations and major changes.
Maintain information security documentation.
Document and update monthly Plan of Action and Milestones.
Monitors and advises on information security issues related to the systems and workflow at HMS to ensure the internal security controls are appropriate and operating as intended.
Supports the development and publication of Information Security policies, procedures, standards, guidelines based on knowledge of best practices and compliance requirements.
Conducts company-wide assessment and security audits and manages remediation plans.
Work closely with Enterprise Risk & Internal Audit, Procurement & Compliance to identify compliance baselines from legislative requirements and corporate objectives.
Understand information security risks pertinent to the organization's business goals and technology infrastructure, and support an enterprise information security risk program to identify, assess and respond to risks.
Develop, document, maintain and support the information security risk management program in line with information security policy, practices and leading industry standards.
Creates, manages and maintains user security awareness.
Conducts security research in keeping abreast of latest security issues.
Performs other related duties as assigned.
This position requires regular, predictable and timely attendance at work to meet department workload demands
- Performs other functions as assigned
Knowledge, Skills and Abilities:
Knowledge of information security standards, rules and regulations related to information security and data confidentiality (e.g., HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
Strong analytical and problem solving skills.
Excellent communication (oral, written, presentation), interpersonal and consultative skills.
Strong PC skills (Microsoft Office, Word, Excel, PowerPoint, etc.).
Management of IT security and IT risk (e.g., data systems, network and/or web) across the enterprise.
Address questions from internal and external audits and examinations.
Develop/Maintain policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including HITRUST, SOX, NIST, and ISO guidance.
Facilitate IT security/risk training curriculum.
Serve as project lead within IT security projects.
Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.
Work Conditions and Physical Demands:
Primarily sedentary work in a general office environment
Ability to communicate and exchange information
Ability to comprehend and interpret documents and data
Requires occasional standing, walking, lifting, and moving objects (up to 10 lbs.)
Requires manual dexterity to use computer, telephone and peripherals
May be required to work extended hours for special business needs
May be required to travel at least 25% of time based on business needs
- Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required.
- CISSP, SSCP, CISA, etc. preferred. Required if no degree.
Minimum Related Work Experience:
7-10 years IT security or information security experience with a proven ability to engage with Senior Management and regulators.
4 years’ experience conducting IT compliance assessments (NIST, SOC, SOX etc.)
4 years’ experience in administering IT security controls in an organization.
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
Experience with IPS/IDS and SIEM technologies.
Prior experience working within a healthcare service organization preferred.
Prior experience working with regulatory agencies including HHS, CMS, etc. preferred.
Knowledge of HIPAA guidelines preferred.
Project management skills preferred.
Prior experience performing security reviews and risk assessments preferred
Experience in security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing
Experience in the Archer eGRC Enterprise Solution or related Governance support software
Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.
HMS is an Affirmative Action and Equal Opportunity Employer who offers a drug-free workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a disabled veteran or veteran of the Vietnam era.
Title: Federal Information Security Analyst III
Requisition ID: 2100100D
Health Management Systems, Inc.