• Data Security Subject Matter Expert

    General Dynamics Information TechnologyAshburn, VA 20147

    Job #1583639324

  • Type of Requisition: Regular

    Clearance Level Must Be Able to Obtain: None

    Public Trust/Other Required: None

    Job Family: Information Security

    • We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. At GDIT, cyber security is not just a singular part of our mission-it connects every one of us because it's embedded into every aspect of what we do.GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is ~~~ this role, a typical day will include:

    • Conduct QECP data security application and reapplication reviews

    • Contribute data security technical input for program manuals, SOPs, and security compliance data collection tools.

    • Maintain the information security review methodology for Qualified Entities (QE) to ensure a consistent evaluation of the QE's information security and privacy programs. The methodology will evolve using a risk management approach. Special attention will be placed on balancing the protection of CMS data and the burden placed on the QEs receiving that data.

    • Provide clear and concise guidance provided for each control.

    • Update the security and privacy control selection process to employ NIST 800-53r4, ARS 3.1, and provisions of the HIPAA Privacy Rules that are relevant to the protection of confidentiality.

    • Adopt a single control baseline for all external entities that is depicted in Data Security and Privacy Framework Proposed Control Selection

    • Update the security control selection process to employ NIST 800-53r4, ARS 3.1, NIST SP-800-171r1, and provisions of the HIPAA Security Rules that are relevant to the protection of confidentiality. This recommendation aligns with the GAO's observations that control baselines should be based on the prevailing NIST guidance.

    • Provide guidance for QEs to implement and document security and privacy control requirements. Such guidance addresses the GAO recommendation to develop and distribute guidance for researchers defining implementation guidance. The guidance:

    • Uses standard language for controls that require a standard implementation

    • Provides actionable security and privacy control implementation instructions that realize efficiencies across requirements

    • Addresses the impact of modern technologies, such as mobile, and modern modes of deployment, such as leveraging cloud service providers

    • Develop guidance that is applicable to external entities that leverages the most recent, mandated or commonly accepted industry standards and best practices (e.g. FISMA, HIPAA, and NIST). This recommendation aligns with the GAO's observations that control baselines should be based on the prevailing NIST guidance.

    • Develop a formal, periodic process for updating the implementation guidance.

    • Develop a formal, cyclical process for updating the Data Security and Privacy Framework for sharing Medicare beneficiary data with external entities.

    • Provides advanced guidance and leadership to less-experienced team members.

    • May serve as a team or task leader. (Not a people manager)

    • Ensure compliance with regulations and privacy laws.

    • WHAT YOU'LL NEED:

    • BA/BS (or equivalent experience),

    • 10+ years of experience

    • Knowledge and understanding of CMS data security compliance

    • Ability to obtain a Public Trust

    • WHAT GDIT CAN OFFER YOU:

    • Full-flex work week

    • 401K with company match

    • Internal mobility team dedicated to helping you own your career

    • Collaborative teams of highly motivated critical thinkers and innovators

    • Ability to make a real impact on the world around you

    We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

    GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.