Security & Privacy Compliance Analyst
Previous Job
Security & Privacy Compliance Analyst
Ref No.: 18-01378
Location: Honolulu, Hawaii
Title:  Security & Privacy Compliance Analyst
Location Honolulu, HI

Certification: Information security related certification(s) such as CISSP, CISA, CISM desired, but not required.

  • Three to five years' experience in an information security program performing various information security activities, assessing security controls and incident response work history that includes selection and implementation of security controls; experience with risk management and NIST; previous work in an environment that includes multiple projects and programs; experience with assessing HIPAA security rule controls is preferred; and experience in public sector or human services business domain is preferred.
  •  This position serves as the Security Analyst to provide support in the Information Security and Privacy Compliance Office which is responsible for providing leadership, expertise, coordination and support to the Department related to ensuring implemented technology solutions and policies and procedures protect the confidentiality, integrity and availability of data. This position supports the decisions, establishes priorities, and monitors implementation of the Information Privacy and Security Program ensuring compliance with federal and state requirements, such as the Medicaid Information Technology Architecture (MITA) and the Centers for Medicare and Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges (MARS-E) and the Health Insurance Portability and Accountability Act (HIPAA). 

Knowledge of:
  • Information security principles, methodologies and practices as they relate to the following information security activities:  access control, application security, business continuity and disaster recovery planning, cryptography, risk management, legal and regulatory constraints, compliance, investigations (eDiscovery), operations security, security architecture and design, telecommunications and network security; good understanding of information security aspects of large, complex IT systems and applications; MARS-E, MITA, NIST Special Publications 800 Series (preferred); and public sector or human services business domain (preferred).
  • Bachelor's degree from an accredited four (4) year college or university in computer science, information systems, or other related field of information technology.
  • Specialized training or equivalent work experience can substitute for the education requirement.
Major Duties And Responsibilities

Support Client activities to ensure compliance with security standards and guidelines.       
  • Works with other individuals within the Privacy and Security Compliance Office, divisions and offices to adhere and comply with documented security policies, procedures, standards, and guidelines.
  • Works with divisions and offices to understand regulations, requirements and guidelines associated with information security and privacy compliance.
  • Works with divisions and offices to draft and finalize procedures to comply with federal and state regulations and policies and procedures.
  • Participates in design sessions and discussions with vendors to determine whether planned implementations meet the security and privacy requirements. Identify weaknesses and offer potential solutions to mitigate risks.
  • Supports problem resolution related to security incidents and security operations, and assist with the development of workable solutions.
  • Attends team meetings and support meeting management activities.