|
Project Title:
|
Program Manager
|
|
Position Id:
|
RFO0111
|
|
Client:
|
Minnesota Department of Health, MN
|
|
Duration:
|
3/15/2016 to 6/30/2016
|
|
Work Location:
|
Orville Freeman Building 625 Robert Street, Saint Paul, MN, Public Health Lab 601 Robert St. N, Saint Paul, MN, and Golden Rule Building, 85 7th Place E, Saint Paul, MN.
|
|
Interview Type: Phone/ IN Person-
|
In person prefered
|
Skill matrix to be filled by candidate :
|
Required minimum qualifications
|
Minimum Number Years of experience
|
|
4 years’ experience working on IT security controls projects in environments that use the following technologies: Oracle, MS-SQL, Active Directory, Java, JavaScript, Linux, Windows server 2012, Windows 7, TCPIP.
|
|
|
3 years’ experience working with NIST recommended Security Controls for Federal Information Systems and Organizations, Special Publication 800-53 revision 4.
|
|
|
2 years’ experience with Identity and Access Management (IAM) system(s).
|
|
Desired Skills
|
Minimum Number Years of experience
|
|
Experience with Keycloak identity management authentication server.
|
|
|
Experience with ArcSight event manager.
|
|
|
Experience with RSA Archer platform.
|
|
|
At least one engagement in which the applicants had to participate in a SSAE16 SOC 2 or equivalent (e.g. Fed RAMP) industry security standards audit
|
Project Deliverables:
- Detailed project work plan with prioritized deliverables, level of effort in hours, dates, and task assignments.
- Access Controls Risk Assessment document for Applications, Network, Operating Systems, and Databases based on compliance with MN.IT Enterprise Security Control Standards and data classification for each system.
- Documented application access controls, procedures, remediation plans, and exceptions that adhere to the MN.IT Enterprise Security Control Standards.
- Documented network access controls, procedures, remediation plans, and exceptions that adhere to the MN.IT Enterprise Security Control Standards.
- Documented operating system access controls, procedures, remediation plans, and exceptions that adhere to the MN.IT Enterprise Security Control Standards.
- Documented database access controls, procedures, remediation plans, and exceptions that adhere to the MN.IT Enterprise Security Control Standards.
- The documented access controls and procedures must adhere to the appropriate data classifications that are documented in the MN.IT Enterprise Security Control Standards.
- Documented procedures must include how access is/or will be monitored and tracked.
- Documented procedures must include any tools that are/or will be used to monitor and track access.
- Documented application controls and procedures must include remediation for migrating to Keycloak Authentication Server if applicable.
- Create an MDH Access Control documentation package that can be used to test and verify application, network, operating system, and database access controls that adhere to MN.IT Enterprise Security Control Standards.
Project Environment:
Resources will work in a team environment under the direction of the MN.IT@MDH Chief Information Security Officer and the IT Security team.