Title: Security Auditor with CISSP or equivalent certification
Location: Dallas, TX
Duration: Long Term
Required Skills:
- A project schedule to perform the work and weekly status reports
- A detailed assessment plan (consistent with the methodology documented in the most current version of NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations, the main testing points for the CIS critical controls, and detailed directions for addressing the penetration testing procedures for the OWASP Top 10 vulnerabilities)
- Initial Security and Privacy Assessment Report (SAR) as described in the Streamlined Modular Certification for Medicaid Enterprise Systems Certification Guidance document, that meets the needs for the CMS ORR for the EASE system, and that includes the Penetration Test Report and results of all testing performed
- An updated (final) SAR and related documentation if remediations were made after the initial SAR and by the end of the timeline.
- NIST SP 800-171 and/or NIST SP 800-53 standards and all relevant controls in HIPAA;
- aligning Health Care Industry Security Approaches pursuant to Cybersecurity Act of 2015, Section 405(d); and
- the Open Web Application Security Project Top 10.
Risks should be identified using NIST SP 800-30 Revision 1.
The third-party audit should include, but need not be limited to, a penetration test and a review of all HIPAA compliance areas: user access control; information disclosure; audit trail; data transfers; and information on correct data use (i.e., role-based testing of use). The audit should cover the adequacy of audit trails and logs (e.g., user ID, access level, action performed, etc.). The audit should also cover encryption of data at rest, in audit logs, and in transit between workstations and mobile devices (where applicable), to external locations, and to offline storage.
The scope of work also includes support by the assessor to clarify findings and make corrective action recommendations after the assessment and attending meetings as requested by DCH.
Regards,
Radiantze Inc