Note: This position is one full week Onsite/Month with occassional travel.
Required
as a covered entity under the Health Insurance Portability and Accountability Act of 19NA (HIPAA), MSDH is required to identify a Security Officer responsible for the development and implementation of policies and procedures to ensure the integrity of electronic Protected Health Information (ePHI) created, transmitted, received and/or stored by the agency. This individual, designated as the IT Security Officer (ITSO), also is required by the state Department of Information Technology Services (ITS) under Rule 1.6 of the ITS Enterprise Security Policy. Under this rule, the ITSO is responsible for:
- Developing and maintaining agency-specific security plans, policies, and procedures.
- Interacting with ITS as the primary contact for security related issues.
- Ensuring MSDH is adhering to the State of Mississippi Enterprise Security Policy.
- Participating in the state information security threat intelligence feeds.
- Researching IT industry for security related issues and how it affects MSDH specifically.
- Monitoring security applications, activity logs, resources and issues within the agency utilizing approved security software and hardware.
- Facilitating the State Auditor’s Information Systems Audit and any Third Party Risk Assessments.
Manage the agency's Vulnerability Management and Supply Chain risk programs
- Minimum of 5 years’ experience cybersecurity, including 2+ years in leadership
- Must be a Certified Information Security Manager (CISM) or a Certified Information Systems Security Professional (CISSP)
- Must be a Certified HIPAA Professional (CHP)
- Must have technical experience with the following Security Toolset Areas: Patch/Vulnerability Management, EDR/XDR, Microsoft Defender 365, Supply Chain Monitoring, and SIEM/SOAR
Experience leading or participating in security program development, revision, and continuous improvement activities
Governmental data modernization or project management experience
AI/ML development expierience in cybersecurity inititives (next-generation firewalls, threat hunting, cyber risk, etc).