Position Description Baltimore City IT (BCIT) is recruiting for a Senior Security Engineer Public Health. In this role, you will be responsible for ensuring that Agencies who are responsible for processing public health information and other sensitive information are compliant with applicable regulations such as HIPAA, best practices, and the city’s IT security standards. The ideal candidate will have experience performing risk and compliance assessments, prioritizing the results, and implementing security controls.Sr Security Engineer Public Health responsibilities may include but are not limited to:

Drive collaboration with city agencies such as Baltimore City Health Department, Mayors Office of Children and Family Services, Mayors Office of Homeless Services, Baltimore City Fire Dept Emergency Medical Technicians and others that are responsible for processing personal health information and other sensitive data to ensure compliance with HIPAA, best practices and the city’s IT standards.

Document the use cases and requirements that describe how a system will be utilized, what processes it will support, and who will use the system.

Perform a risk assessment and threat modeling to identify and quantify vulnerabilities against new systems and legacy systems.

Identify HIPAA regulations, compliance standards, or City IT security standards that must be met by the system.

Document the security controls required to mitigate threats and vulnerabilities and to meet regulations, compliance or city IT security standards.

Review system design documentation to ensure security requirements are met, and to surface and address any additional vulnerabilities that are identified in the design phase.

Review and contribute to test plans and test cases to ensure security requirements are tested.

Review implementation plans and standard operating procedures to ensure controls and secure processes are being developed and implemented.

Monitor system implementation to ensure security controls are operating effectively.

Identify and address gaps in the city’s system engineering and security engineering processes to drive improvements.

Collaborate effectively with all agencies, departments, and other federal, state, and local government partners and vendors.

Provide regular status to BCIT and Information Security leadership.

Support analysis of security events and incident response as needed.

Education and Experience Minimum Education and Experience Requirements

Bachelor of Science degree in Information Technology, Computer Science, or Computer Engineering or related discipline from an accredited college or university; and

Six years of security engineering experience including healthcare systems, compliance frameworks, and selection and implementation of security controls.

Relevant certifications (e.g., CISSP, CCSP, GCED, CEH, CCNP) preferred.

Skills Requirements

Requires the utmost integrity, judgement, and discretion in carrying out duties and handling sensitive matters.

Ability to pass background check by national law enforcement.

Requires demonstrated understanding and experience with network and security architecture, multiple operating system platforms, databases, web applications, and other evolving mobile and cloud technologies, along with the following: malware inspection, traditional and application layer firewalls, VPN, identity management systems, data loss prevention, and network and host-based intrusion detection/prevention systems.

Knowledge of HIPAA, NIST Cyber Security Framework, security risk assessment processes and other information security control frameworks.

Knowledge network communication using TCP/IP protocols, basic system administration, virtual systems, active directory architecture, web proxies, etc.

Requires excellent verbal and written communication skills.

Ability to multi-task and work under pressure in a fast-paced environment.

Attention to details and demonstrated problem-solving skills.

Team player, self-confident, motivated, with excellent communication skills

Current knowledge of technology capabilities and trends; types, and techniques of threat actors

Bachelor of Science degree in Information Technology Management, Computer Science, Computer Engineering or a related discipline from an accredited college or university; and

Seven years of related experience; including

Three years of supervisory responsibilities as disciplining, evaluating the performance of and recommending the hiring, firing, and promoting of subordinate employees.

Excellent verbal and written communication skills.

Previous IT experience in government is preferred.

Skills Requirements

Comprehensive knowledge of Data and Analytics best practices.

Knowledge of project planning and scheduling; business continuity of operations planning; audit and compliance programs; and pertinent laws, regulations, and best data governance practices.

Ability to analyze and resolve complex business problems.

Ability to supervise, plan, and schedule the work of a professional staff and coordinate large initiatives in an agency defined by cross-functional activities.

Ability to analyze and resolve complex business problems.

Excellent communication skills which include the ability to prepare and deliver a cohesive strategy to executive leadership.

Ability to communicate effectively orally and in writing with internal and external customers.

Considerable experience in technical leadership around data.

A mix of experience in various IT disciplines such as vendor management, enterprise architecture, data governance and other disciplines will also be considered.