Currently, Mathematica is seeking a Principal Health Security Analyst to lead our health IT security services. Based in our Woodlawn, MD or Washington, DC office, the Principal Health Security Analyst will apply their expertise in delivering security and privacy program analysis and client security services. This role will advise project and technology teams on government and industry standards and best practices for securing applications in cloud, on-premises, and hybrid deployments, test applications according to prescribed security test plans, recommend specific tools and procedures to enhance application security, and describe how project processes and procedures align with security and privacy standards.
In addition, the Principal Health Security Analyst will serve as the liaison to Health clients, including Centers for Medicare and Medicaid Services (CMS) and the Social Security Administration (SSA), and lead internal efforts for executing contractual requirements.
- Lead research, analysis, and development of solutions to align with prevailing security and privacy standards, guidelines, and best practices that promote compliance with contractual, FISMA, and HIPAA requirements.
- Contribute to Health client and corporate security assessment and authorization documentation such as security plans, risk assessment and security control testing reports, contingency plans, and responses to third-party questionnaires and audits.
- Lead on-premises and cloud solution security risk, compliance and vulnerability assessments and recommend solutions to correct deficiencies.
- Be the face-to-face liaison with Health clients and partners, including CMS, SSA, large federal IT integrators, and states.
- Experience in Health information security and privacy analysis and compliance in on-premises, cloud, and hybrid delivery models.
- Certified Information System Security Professional, Certified HIPAA Security Professional, Certified Information Systems Auditor, Certified Information Systems Manager or other relevant certification required. Amazon Web Services security certification desirable.