Medicaid Senior IT Privacy and Security Analyst - Remote

FT Contract | Novalink Solutions LLC | United States

Posted On 05/30/2025

Actual Job Title 64182 - Security Operations Center (SOC) Analyst Expert

24

State Gov't

Target Date 06/12/2025

68502

Job Opening ID NL-28318-JOB

Number of Positions 1

Assigned Recruiter(s) Dinesh Mathi

City Lincoln

State/Province Nebraska

68502

Job Description Summary:

The resource will be responsible for developing the State’s Medicaid Data Warehouse system security plan, supporting audits, and third-party assessments. The resource will focus on ensuring the State’s security posture meets compliance standards by actively participating in internal and external audits, reviewing third-party vendor security practices, and identifying potential risks to mitigate during assessments.

Job Responsibilities:

• Create and maintain System Security Plans for the State of Nebraska’s Data Warehouse.

• Develop standard operating procedures, controls-related documentation, and other required security documents.

• Prepare for audits: Gather necessary documentation, review security controls, and address any identified gaps before an audit occurs.

• Collaborate with auditors: Provide access to systems and information, answer questions about security practices, and explain control implementation details.

• Collaborate with the State team to prepare for audits and internal assessments.

• Responding to audit findings: Analyzing audit results, developing remediation plans, and tracking progress on addressing identified issues.

• Third-party vendor risk assessment:

• Evaluating the security posture of third-party vendors by reviewing their security policies, procedures, and controls.

• Identifying potential security risks associated with vendor relationships.

• Communicate security concerns to vendors and work with them to implement necessary security improvements.

Required Credentials and Experience:

• Expertise in security frameworks, including NIST Cybersecurity Framework, NIST 800-53, and other industry standards such as ISO 27001, PCI DSS, and CIS Controls.

• Experience in developing System Security Plans (SSPs) aligned with NIST guidelines.

• Strong ability to identify, analyze, and prioritize security risks, along with a solid understanding of audit methodologies and compliance reporting requirements.

• Broad understanding of network security, system administration, application security, vulnerability management, and data protection technologies.

• Experience interpreting vulnerability assessment reports and remediating security findings.

• Ability to effectively communicate security risks and recommendations to both technical and non-technical audiences, including leadership.

• Minimum of seven years in IT security roles, with a preference for candidates who have held management or leadership positions.

• Bachelor’s degree in cybersecurity, computer science, information technology, or a related field.

Preferred Credentials and Experience:

· Certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).

• Experience in MARS-E security guidelines from CMS.