Duty Statement - CalCareers
|duty statement |
|Class Title |Position Number |
|Information Technology Specialist I (ITS I) |805-450-1402-022 |
|COI Classification | |
|Yes |No |
|Unit |
|Section |
|Branch |
|Information Technology Management Branch (ITMB) |
|Division |
|California Medicaid Management Information System (CA-MMIS) |
| |
|This position requires the incumbent maintain consistent and regular attendance; dress in a professional manner; communicate effectively (orally and in writing if both |
|appropriate) in dealing with the public, executives, and/or other employees; develop and maintain knowledge and skills related to security efforts, methodologies, |
|materials, tools, and equipment; complete assignments in a timely and efficient manner; and, adhere to departmental policies and procedures regarding attendance, leave, |
|and conduct. |
| |
|Job Summary: Under the general direction of the Information Technology Manager I (ITM I), the Information Technology Specialist I (ITS I) performs functions in the |
|domains of System Engineering and Information Security Engineering. The ITS I serves within the Department of Health Care Services (DHCS), Information Technology |
|Management Branch (ITMB) as an Information Security Compliance Specialist. The ITS I’s primary focus is on vendor security, compliance, and risk management. The ITS I |
|works in multiple operational areas of California Medicaid Management Information System (CA-MMIS). Job duties include ensuring vendors are compliant with applicable |
|security compliance requirements, reviewing security and technology recovery related documentation, assessing risks, developing corrective action plans, and providing |
|general security oversight of vendors. Duties include assisting in developing, maintaining, and delivering the models, frameworks, principles, and processes that are |
|used to plan, design, implement, and operate information security solutions, which enable consistency and reuse to satisfy business requirements for security services in|
|a standardized, repeatable, high quality manner. |
| |
|Supervision Received: The ITS I works under the general direction of the ITM I and receives general administrative and policy direction from the ITM I and the CA-MMIS |
|Security Lead (ITS II). The ITS I works independently with responsibility and discretion over broadly defined missions or functions. |
| |
|Supervision Exercised: The ITS I has no direct supervision responsibilities. |
| |
|Domain: System Engineering and Information Security Engineering |
| |
|Working Title: Information Security Compliance Specialist |
| |
| |
|Description of Duties: The ITS I is responsible for ensuring DHCS and its vendors are compliant with all applicable security requirements at federal, state, agency, and|
|departmental levels. Duties include reviewing system security plans, technology recovery plans, risk and vulnerability assessments, Plan of Action and Milestone |
|reports, and providing compliance expertise consultation. The DHCS ITS I is a key member in the reuse of security services to mitigate CA-MMIS security risks while |
|maintaining compliance with Federal, State and Department requirements. |
| |
|In collaboration with the DHCS Information Security Office (ISO), and the CA-MMIS Security Lead, this position has responsibility for the development and maintenance of|
|DHCS information security principles, security reference architectures, and maintaining strategies, frameworks, standards, and roadmaps in cooperation with the ISO. |
|Other duties include assisting management with CA-MMIS security governance processes for evaluating the security and viability of proposed technologies, architectures |
|and systems. The ITS I will assist in development, maintenance, and review of a wide range of security related asset and portfolio documentation for vendor managed |
|CA-MMIS applications. Duties include performing information security risk assessments of documents and deliverables throughout the system life cycle. The ITS I must |
|maintain a high level of understanding of DHCS business functions, data flows, major applications, IT security technologies, and general information technology |
|concepts. Knowledge must be maintained of compliance regulations such as the State Administrative Manual (SAM), Health Insurance Portability and Accountability Act |
|(HIPAA), National Institute of Standards and Technology (NIST), and the Medicaid Information Technology Architecture (MITA). |
| |
|The ITS I will act as a technical subject matter expert and security authority for security controls, security plans, security policies, risk assessments, and incident |
|response for state staff and contractors performing contracted IT services for Fiscal Intermediary/System Integration vendors. Activities will include ensuring |
|appropriate technical, administrative and physical controls are put into place by the vendors operating under contract by conducting oversight, planning, consultation, |
|risk assessments and policy development. The ITS I must become familiar with the business function and data flows for all applications that are operated by contracted |
|vendors. Duties include documented security risk analysis within the change and release management process to ensure appropriate technical, administrative and physical|
|controls are put into place by vendors. Risk analysis topics may include secure software development, authentication and authorization infrastructure, secure web |
|services and messaging, encryption, vulnerability management, and assurance of appropriate policies and procedures. Duties additionally include serving as the subject |
|matter expert for external audits, assessments, security incidents and data breaches. |
| |
|The ITS I will be responsible for acting as a liaison between non-technical program staff during system development projects including requirement development, |
|technical data review and acceptance testing. The ITS I will work with staff from all levels of state government, as well as software/hardware vendors, |
|contractors/subcontractors, and consultants. The ITS I, in coordination with the CA-MMIS Security Lead, will aid in providing consultative assistance and oversight |
|during system and project planning and design phases to help ensure appropriate technical, administrative and physical controls are put into place by the vendors |
|operating under contract. |
|PERCENT OF TIME |ESSENTIAL FUNCTIONS |
| | |
|25% | |
| |Information Security and Architecture Compliance |
| | |
| |A1. In collaboration with ITMB Leadership, CA-MMIS Security Lead, and ISO, the ITS I is responsible for: |
| | |
| |Ensuring vendors are compliant with applicable information security requirements and architecture. |
| |Ensuring vendor deliverables are compliant with applicable security and technology recovery requirements. |
| |Assisting in the development and evolution of CA-MMIS Information Security and Architecture Framework, including principles, strategy, standards, |
| |designs and roadmaps. |
| |Supporting security documentation through a consistent set of security principles, technology standards and architectural constructs. |
| |Assisting in development of business, information and technical artifacts that constitute the CA-MMIS information security/architecture and solutions, |
| |including security patterns, reference architectures and templates. |
| |Researching, designing and recommending new technologies, architectures, and security products that will support security requirements for CA-MMIS and |
| |its customers and business partners. |
| | |
| |B1. The ITS I must research and maintain an expert knowledge of information security principles, industry best practices and applicable compliance |
| |regulations. The ITS I must maintain a strong understanding of the security controls defined in NIST SP 800-53 and current industry best practices for |
| |addressing each control, including the technical levels, administrative/policy, and physical security of each. That knowledge must also include |
| |understanding of the design and selection of technical solutions. The ITS I must develop and maintain the ability to independently research and |
| |understand highly complex technical issues which impact security of DHCS data, study existing and emerging Federal and State requirements, and to study|
| |and understand the complex business processes and applications within DHCS. The ITS I will assist and participate in security awareness and education |
| |campaigns to foster CA-MMIS and vendor understanding of efforts regarding higher levels of security maturity related to individual DHCS projects, |
| |programs and staff activities. |
| | |
| |Information Security Project Consultation |
| | |
| |B1. The ITS I will provide security expertise in all phases of the Software Development Lifecycle (SDLC) helping vendors and/or projects comply with |
| |security policies, industry regulations, and best practices. Leads efforts requiring analysis, design, development, and implementation of security |
| |controls for the most complex modifications to vendor managed IT systems and processes. |
|25% | |
| |Work closely with solution/project architects, other functional staff, and security specialists to ensure adequate security solutions are in place |
| |throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. |
| | |
| |Provide oversight and guidance on new security projects, security efforts, and evaluation of new IT technology and processes. Requires working |
| |knowledge of large-scale database architectures, data communication protocols, and network configurations; extensive knowledge of the Department's |
| |business enterprise, and ability to work independently. |
| | |
| |Provide support for risk analysis efforts; work directly with the vendor to provide security analysis expertise in evaluating release and change |
| |management efforts; and enforce standards and policies for security in Release, Change, and Configuration Management (RCCM). |
| | |
| |B2. The ITS I must maintain a strong knowledge of the purpose and best practices for use of enterprise security controls, as well as leveraging federal|
| |security requirements such as NIST SP 800-53, FedRAMP, and HIPAA. The ITS I must have a working knowledge of IT concepts such as firewalls, secure |
| |network design, authentication and authorization methods, use of secure event collection and monitoring, intrusion prevention techniques, and ensuring |
| |minimum necessary access through role based access controls. |
| | |
| |Information Security Business Consultation |
| | |
| |A3. The ITS I will evaluate and develop secure solutions, based on approved security architectures and by evaluating business strategies and |
| |requirements; analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks. |
| | |
|25% | |
| | |
| | |
| |Work with vendors, DHCS Solution Architects and application teams to design solutions in alignment with security architectures, policies and |
| |principles; this may involve partnering with various cross-functional teams to ensure compliance with policies, principles and standards. |
| | |
| |Partner with business to provide guidance on security considerations during early planning of new IT solutions and services. |
| | |
| |Perform education and outreach to vendor IT and business areas regarding Federal, State and Departmental security compliance requirements. |
| | |
| |Assist in development of Advance Planning Documents (APD) and Budget Concept Proposals (BCP) to ensure critical security needs are reflected. |
| | |
| |B3. The ITS I must maintain a strong knowledge of all major DHCS business functions, supporting IT areas and external entities interfacing with DHCS |
| |(e.g., Vendors, Counties, State or Federal departments, Providers, and/or Third Party Entities). |
| | |
| |Information Risk Analysis |
| | |
| |A4. The ITS I will provide support for risk analysis efforts and work directly with other CA-MMIS areas to provide security analysis expertise in |
| |evaluating release and change management efforts, in addition to providing security oversight for all phases of testing, including enforcement of |
| |development standards, environment security analysis and all other related security oversight requirements. |
|20% | |
| |In collaboration with ITMB Leadership, CA-MMIS Security Lead, and ISO, the ITS I will: |
| | |
| |Contribute to the development and maintenance of the CA-MMIS Information Security Strategy and the alignment of security governance in conjunction with|
| |other IT branches. |
| | |
| |Assist in the departmental security governance processes to ensure vendor alignment and compliance with security policies, principles and standards |
| |regarding the use of security products, techniques and patterns. This includes change control, risk assessments, audits, development of |
| |standards and policy and direct consultation with the applicable DHCS staff and vendor representatives. |
| | |
| |Assist in developing, recommending, and reviewing Information Security policies. |
| | |
| |B4. The ITS I must maintain strong skills in security risk analysis, security governance, and security strategy. |
| | |
|PERCENT OF TIME |MARGINAL FUNCTIONS |
| | |
|5% | |
| |Other Duties |
| | |
| |A5. The ITS I performs other duties as required. |
| |
|Employee’s signature |Date |
|Supervisor’s signature |Date |