Security Analyst CBMS/PEAK Compliance Program Manager Contractor

Job Title: Security Analyst CBMS/PEAK Compliance Program Manager Contractor
Duration: 3 Months
Rate: $60-65/hr on Amtex W2- Try to be competitive.
Location: REMOTE- 1570 Grant St Denver, Colorado – Candidate Must Be Local or someone from CO

Start Date: 07/07/2025
Submission Deadline: 06/16/2025

Summary of the purpose of this position.
• This position is responsible for audits and compliance review in the development, enhancement and maintenance of the Program Eligibility Application Kit (PEAK) and the Colorado Benefits Management System (CBMS), and any additional CBMS subsystems. This includes the following:
• Oversees the coordination of annual audits and serves as primary liaison to the audit teams during their review of PEAK, CBMS and its subsystems compliance with documented processes. Coordinates the collection of audit items/documents. Coordinates meetings and provides information as needed for audit requests.
• Performs Quality Assurance monitoring on documentation and other assigned items.

Duties
1. SOC 1 Type 2 Audit Coordination –
Brief Duty Description:

● Coordinate with the CDHS CBMS SOC audit team and HCPF staff to provide HCPF responses to requests from service auditors as necessary.
● Serves as the primary lead Point of Contact for audits on PEAK, CBMS, OIT and its subsystems.
● Serves as lead point of contract for Independent Verification and Validations (IV&V) teams
● Serves as lead point of contract for State of Colorado System and Organization Controls (SOC) auditors and the Office of State Auditor (OSA)
● Serves as point of contract for Social Security Administration (SSA) Audits
● Collaboration with the program area leads, vendor representatives, IV&V members, management, and others to provide support to the auditors.
● Assist with the coordination of the collection and sharing of documentation, and coordinate team members with the audit team.
● Coordinates all audit findings and responses to ensure items are addressed and resolved.
Specific examples of regular, ongoing decisions made by this position related to this duty.
● MARSe 2 audit – coordinate resolution of controls with HCPF. This would include determining who on the CBMS team would be assigned the Control. This position
would also manage updates and statuses of work being done on each control.
● MEET (CMS) – coordinate resolution of controls with HCPF. This would include reviewing controls and determining who on the CBMS team would be assigned the Control. This position would also manage updates and statuses of work being done on each control.
Annual SOC 2 Type 2 audit – work with SOC auditors when to initiate audit and then coordinate resolution of controls with OIT and vendor.
● ADA compliance within CBMS, PEAK, mobile apps and subsystems (Atlassian Suite, Google, etc).
In performing this duty, provide examples of typical problems or challenges encountered by this position, and the guidance used to resolve the problem.
● In the course of coordinating an audit, challenges with collection of support may be encountered. Following the processes established and escalating to management would be the steps to resolve the problem.

2. Other Duties as Assigned –
● Identity & access management – identify user roles, security groups that should exist, active directory cleanup assistance/coordination with appropriate teams
● Understanding of PEAK/CBMS security architecture – network, cloud, data, etc.
● Risk assessments
● Vulnerability management
● PEAK/CBMS specific compliance/security policies
● Understanding of security configs.
● Validation of security testing in CI/CD pipelines for deployments
● Coordination with incident management and DR

Interested candidates email your resume to alex@amtexenterprises.com