State of Utah
Full job description
]
Privacy and Security Officer, DHHS
The Utah Department of Health & Humans Services (DHHS) is seeking a highly motivated individual to act as a Security and Privacy Officer. This position will manage the Privacy and Security Officer, to perform related information technology (IT) management duties. This is a senior level job. Develop, manage, and implement policies and processes to ensure the organizations compliance with applicable federal and state regulations and guidelines, particularly regarding the organizations access to and use of personal identifiable information (PII). Responsible for a wide range of duties which may include, but are not limited to, the following:
Respond to and document privacy and security incidents as a member of the information security and privacy (IPS) office;
Implement identity acand access management (IAM) controls including managing an inventory of multi-factor authentication (MFA) hard tokens;
Managing and searching a repository of email and SMS messages;
Implementing and managing mobile device management system according to enterprise constraints;
Draft standard operating procedure to implement enterprise policies and procedures;
Develop a system security plan consistent with NIST SP 800-18 using enterprise selected subdomains from the NIST CSF and controls and enhancements from NIST SP 800-53 rev. 5;
Respond to federal audits (preferably with experience associated with SSA CJIS);
Conduct privacy impact assessments (PIA) in accordance with industry standards (see IAPP; Article 35 GPDR);
Manage a architectural standards board to manage the acquisition of new IT solutions;
Submit tickets for services to the managed service provider and ensure that services are adequately performed;
Act as a technical consultant on the procurement of IT solutions;
Conduct in-person privacy and security reviews of facilities;
Manage IT related projects with managed service provider;
Provide security and privacy workforce training.
Why You Should Join Our Team
Become an integral part and contribute to the vision of advocating for, supporting, and serving all individuals and communities in Utah; ensuring all Utahns have fair and equitable opportunities to live safe and healthy lives. Help us achieve this through effective policy and a seamless system of services and programs.
The Agency
For information on the Utah Department of Health & Human Services,
Example of Duties
Coordinates the development of comprehensive security, privacy and IT master plans; ensures diverse interests, directions and policies are represented and consistent.
Designs, enhances, or implements systems and/or subsystems that reflect the changing privacy, security and IT needs of an agency.
Acts as a resource to provide information or determine the most effective way of meeting the needs of management, staff, clients or customers.
Serves on various boards, councils, committees, or task forces to coordinate agency activities and facilitate agency goals and initiatives.
Facilitates the use of research data to improve existing programs and utilization of resources.
Coordinates program activities, services, and/or program implementation with private providers, other governmental entities, program users, etc.
Anticipates the impact that new or modified software will have on existing standards and systems.
Adapts automated system(s) to accommodate special and complex agency needs; designs or enhances agency unique automated systems to interface with existing systems as needed.
Qualifications
The model candidate for this position is someone who:
Has a bachelor’s degree and/or previous professional experience, in Information Systems, Business, Information Assurances or related fields;
Has knowledge, skills and abilities related to:
Privacy and Security preferably with a knowledge of NIST related publications (e.g.; NIST SP 800-53 rev. 5; NIST CSF; NIST 800-30; NIST Privacy Framework; etc.) and privacy and security related laws (HIPAA; IRS Pub 1075; CMS MARS-E; UCA 63A-19-101 et seq.)
IT Project Management
Writing Policy and Procedures Documents
Infrastructure
Software Development
Understands privacy by design principles (see OWASP);
Is adept at dealing with people in a manner which shows sensitivity, tact, and professionalism;
Maintains confidentiality;
Is skilled with using Microsoft Word and Excel to create and prepare documents:
Communicates effectively, clearly, and concisely verbally and in writing.
Supplemental Information
Risks found in the typical office setting, which is adequately lighted, heated and ventilated, e.g., safe use of office equipment, avoiding trips and falls, observing fire regulations, etc.
Typically, the employee may sit comfortably to perform the work; however, there may be some walking; standing; bending; carrying light items; driving an automobile, etc. Special physical demands are not required to perform the work.
This position is currently a hybrid of both in-office and remote work days. Please note, a position’s eligibility for remote work is established by agency management and is subject to change at their discretion at any time and for any reason.
To apply for this job please visit www.governmentjobs.com.