Information Assurance Engineer / Technical Analyst Security Rule SME ( R-00066647 )
Be part of a dynamic team in providing legal and technical services to support the Department of Justice. From emails and instant messages, to electronic devices, and social media systems, we’re equipped to meet the challenge of forensically capturing, reviewing, and illuminating the “smoking gun” evidence. Join us and make a difference!
Leidos is looking for an Information Assurance Engineer / Technical Analyst Security Rule SME in Boston, MA.
Primary responsibilities include:
Reviews security and privacy complaints, data breach notification and cybersecurity incident reports, and other correspondence and evidence to determine whether the complaint, self-report or breach notification report indicates non-compliance with the HIPAA Security Rule. Reviews data provided by the healthcare organizations across the nation to assess the overall impact of security and privacy incidents.
Evaluates and determines the technical sufficiency of submissions from HIPAA covered entities and business associates in response to data and documentation requests (i.e. Assessing reports related to security baselines, penetration tests, vulnerability assessments, and digital forensics). Develop reports summarizing the analysis along with formulating recommendations for OCR to consider for future action.
Develops written reports with technical security analyses, summaries, and recommendations for action.
Provides subject matter expert analysis, evaluation, and recommendations based on national security standards (NIST), industry best practices (ISO) and implementation specifications of the HIPAA Security Rule.
Provides expert guidance in designing, implementing, and managing information security, data protection, and risk management programs, including policies, procedures, and controls for protected health information based on HIPAA requirements.
Provides advisory expertise in the areas of risk analyses, vulnerability assessments, incident response, security architecture, physical security, business continuity and disaster recovery, enterprise mobility, threat intelligence and analysis, security awareness and online safety, and resolution of highly complex security projects and issues.
Expert in the development and evaluation of health information privacy policies and technologies, specifically regarding protected health information; de-identified / re-identified health information; limited data sets
Bachelor’s degree from an accredited college in a related discipline, or equivalent experience/combined education, with at least 8 years of professional experience of specific, hands-on experience actually doing work described in the preceding section
In-depth experience with security domains and industry best practices; business continuity and disaster recovery, supply chain and third party management; and up to date on evolving cyber-threats, defense strategies, and emerging technology.
Excellent written and oral communication skills.
Ability to translate and communicate highly technical matter to a non-technical audience.
Knowledge of HIPAA Privacy, Security, and Breach Notification Rules, other Security regulations, and industry best practices and standards (NIST, ISO, Sarbanes-Oxley, FISMA, COBIT).
Proficiencies in:Information governance and risk management, threat and vulnerability management, vendor management, infrastructure, security architecture for traditional, wireless, and cloud-hosted networks, cryptography/encryption protocols, business continuity and disaster recovery, social engineering and awareness training methodologies.
Master’s degree in computer science, Information Technology, Cybersecurity or related field.
Industry certification preferably CISSP, CISM, and CIPM/CIPP/CIPT.
We value and support the well-being and mobility of our employees with competitive benefit packages, complementary e-learning training, work-life flexibility, an exciting External Referral Program, and a diverse, inclusive and ethical work place. In fact, in 2020, Leidos was ranked as one of the “World's Most Ethical Companies” by the Ethisphere Institute for the third consecutive year.