Information Security Specialist

Description

Consultant must have 10.1 The capability to perform the functions described in Section 13, Scope of Work;10.2 At least four (4) years of senior information security experience, including one (1) or more cloudbased, serviceoriented enterprise application implementation projects in the public sector. Experience shall include the 10.2.1 Collaborative development of project plans and control structures consistent with the principles outlined in the Project Management Body of Knowledge (PMBOK);10.2.2 Analysis of project privacy/security risks and the development of risk mitigation strategies;10.2.3 Secure access, processing, and storage of Personally Identifying Information (PII) and/or Federal Tax Information (FTI); and10.2.4 Review and approval of project deliverables, including security and privacy assessment of system architecture and electronic data interchange.10.3 Senior information security experience with the review, development, and implementation of physical safeguards related to the access, processing, and storage of PII and FTI;10.4 At least four (4) years of experience with data encryption protocols and best practices;10.5 Demonstrated experience securing Web Services and Application Program Interfaces (APIs), including RESTful APIs; 10.6 Sufficient fluency with HTML, JavaScript, and SQL to review technical deliverables without the need for syntax reference materials;10.7 Demonstrated experience assessing the security of applications developed with a contemporary, objectoriented programming language (such as Java, Ruby, C++, C#, or Python);10.8 Demonstrated experience assessing the security of applications developed with a contemporary, objectoriented application development framework, such as .NET, Ruby on Rails, Spring MVC, JSF, Django, etc.; and10.9 At least four (4) years experience with Microsoft Office (v. 2013+), Microsoft Project (v. 2013+), Microsoft Visio (v. 2013+), and Adobe Acrobat. EXPERIENCE AND SKILLS DESIRED listed in order of importance11.1 Senior information security experience with the establishment or operation of a State Based Marketplace (SBM) under the Affordable Care Act (ACA), including compliance with the Minimum Acceptable Risk Standards for Exchanges, version 2.0 (MARSE 2.0).11.2 Senior information security experience with a data migration project related to an SBM under the ACA.11.3 Senior information security experience with the establishment or operation of an SBM Consumer Assistance Center (CAC).11.4 Senior information security experience with the establishment or operation of a nonSBM Health Insurance Exchange (HIX), such as a privatelyor federallyoperated HIX.11.5 Senior information security experience with a data migration project related to a nonSBM HIX, such as a privately or federallyoperated HIX.11.6 Senior information security experience with the establishment or operation of a CAC for a nonSBM HIX, such as a privately or federallyoperated HIX.11.7 Demonstrated experience with document database systems (i.e.; NoSQL database systems), such as MongoDB or CouchDB.