Principal Consultant - Security, Privacy, and Compliance Lead

Description

About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests  NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.

As the Medicaid Eligibility Client Management (MECM) security, privacy, and compliance lead in the Cybersecurity and Data Privacy (CDP) practice area, you will be responsible for overseeing and supporting security, privacy, and compliance for the Medicaid Transformation Program. This program aims to modernize eligibility determinations for the Medicaid complex (non-modified adjusted gross income [MAGI]) population by leveraging industry best practices, proven frameworks, and modern technologies.

The initiative seeks to automate as much of the eligibility determination process as possible, reducing the need for human intervention and in-person assistance. NYSTEC is considered a trusted advisor, providing subject matter expertise and connecting the dots for our clients. NYSTEC has consulted on some of the largest Medicaid initiatives and has served in various roles across a multitude of New York State healthcare technology systems.

Serving as an MECM security, privacy, and compliance lead, your day-to-day role as a NYSTEC consultant will include serving as a point of contact for matters that impact the program's security, privacy, and compliance. You will collaborate closely with state staff, vendors, and consulting partners, helping to set priorities and manage ongoing tasks to ensure program success.

This position is expected to be primarily onsite in Albany, NY. Qualified candidates should reside within a commutable distance to Albany, NY.

• Coordinate developing and implementing policies, procedures, and internal controls to support the Medicaid Transformation Program in the areas of security, privacy, and compliance.
• Lead and perform comprehensive evaluations and operational risk assessments related to the Medicaid Transformation Program.
• Plan and support security training, incident reporting, vulnerability management, federal and state audits, and security policies related to the Medicaid Transformation Program.
• Lead and oversee the development and implementation of data sharing agreements, forms, documents, processes, and procedures related to the Medicaid Transformation Program.
• Collaborate with the Division of Legal Affairs, business stakeholders, technology stakeholders, other state agencies, and external entities to evaluate risk and to ensure the security and privacy of data and applications in scope for the Medicaid Transformation Program.
• Compile, review, and approve progress reports that describe the project status, including technical, fiscal, and staffing issues.
• Monitor vendor compliance with contracts for services while resolving problems, as needed.
• Manage and monitor activities performed by vendors, contractors, and consultants.
• Maintain a close working relationship with the Department security director and keep the Department security director timely informed of any potential security issues and resolution or remediation of those issues.
• Communicate - verbally and in writing - with a variety of individuals, including management, users, vendors, and technology staff.
• Negotiate between program managers, technology staff, vendor personnel, and stakeholders to reconcile differing priorities.

• Bachelor's degree and eight years of progressively responsible information technology experience in developing large-scale systems, three of these years must have been managing teams.
• Experience managing vendors, including monitoring service level agreements and adherence to contract terms.
• Experience in information technology, security, and managing security resources.
• Experience developing and managing security and privacy policies, data sharing agreements, contracts, and legal documents.
• One or more of the following cybersecurity certifications: CISSP, CCSP, CISM, CISA, GSEC, or CompTIA Security+.

• Experience working in health and human services at a national, state, or local level, as well as experience working with Medicaid programs in New York State.
• Experience and knowledge in Centers for Medicare & Medicaid Services (CMS), Internal Revenue Service (IRS), and Social Security Administration (SSA) security and privacy requirements and guidelines.
• Experience leading security, privacy, and compliance deliverables for large healthcare information system projects (e.g., planning, design, development, implementation, and operation) to ensure that deliverables are on time, on budget, within scope, and meet stakeholder needs.
• AWS, Azure, and/or Google Cloud Computing Certification(s).

• A bachelor's degree and eight years of progressively…