DHMSM Program / Chief Information Security Officer (CISO)
Reston, VA 
Posted 2 days ago
Job Description

Description

The DoD Healthcare Management System Modernization (DHMSM) Program is looking for a Chief Information Security Officer (CISO) for cyber security leadership for continued development, sustainment, and deployment of the Military Health System (MHS) GENESIS system. MHS GENESIS is deployed globally to over 3700 locations at 138 Medical Treatment Facilities (MTFs), serving 190K users, providing 1100+ clinical workflows delivering medical electronic health record (EHR) capabilities for nearly 10M beneficiaries.

As the CISO for this highly visible program, the selected candidate will support operations, processes, and procedures for Integrated Information & Cyber Security Services, including Enterprise Operations, End User Support, Software Engineering, Cloud technologies and Cyber Security. You will use your in-depth technical knowledge of cyber security systems and processes to lead a cyber security team and serve as an advisor to the customer on the Cyber Security needs of the program. The successful candidate will work closely with the Program Manager, Operations Director, Chief Engineer, Global Implementation Lead, and the systems engineering, integration, and product team leads on cyber security matters to create strategies, plans, and processes for the sustainment and enhancement of MHS GENESIS capabilities. Additional support to business development and proposal development will also be required at times. Some travel will also be required.

Primary Responsibilities

  • Develop and implement strategic, technical, operational security/infrastructure controls, and enforce cybersecurity policies and procedures, that are properly aligned with program goals and objectives.

  • Provide strategic guidance to ensure seamless, secure, and compliant data integration and migration in a healthcare setting.

  • Develop defensive cybersecurity operations solutions for detection, mitigation, and response to cyber incidents using a combination of technology solutions and processes and ensuring security issues are addressed quickly on discovery.

  • Review and prioritize needs and analyze project costs and feasibility.

  • Manage the timely response and investigation efforts for security incidents, breaches, and forensics to meet all regulatory and business requirements and minimize their impact.

  • Ensure that information security strategies and processes meet all regulatory and business requirements so that the impacts of incidents are minimized.

  • Provide technical leadership, lead design sessions and discussions with vendors for delivering an innovative product, service or, at higher levels, a combination of products and services that address customer specific objectives and requirements and maintain Cyber Security compliance for the program.

  • Provide regular reporting on the status of information security efforts to Leadership and enterprise risk teams, and senior business leaders.

  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation, and increase the maturity of the security.

  • Maintain current knowledge of relevant technology and Federal Cyber Security Standards

  • Support program management and business development reviews and assist in improving technical performance on existing program as required.

  • Lead and develop innovative solutions in support of capture and proposal efforts, to include evaluating tradeoffs of solutions against cost, schedule, function, quality, and other evaluation criteria.


Required Qualifications

  • Bachelor's degree in a technical field with 17 years of relevant experience or Master's degree in technical field with 15+ years of relevant experience; Industry certifications will be considered in augmenting years of experience.

  • U.S. citizen with an active SECRET clearance. Contract requirement.

  • Experience with security and compliance in cloud computing environments.

  • CISSP (desired), CISM, CISA, or other industry certifications (CCSP, CRTSA, CNDA, or GDSA)

  • DoD 8570.01-M compliance with IASAE Level 2

  • Experience implementing and knowledge of RMF, FedRAMP, NIST, FISMA, Zero Trust and ATO standards and processes, along with Federal and State Laws that apply to protected health information.

  • Experience managing and overseeing complex data transition projects, ensuring compliance with healthcare regulations, and implementing robust security measures during all stages of COTS modernization (such as EHR applications)

  • Proficient in risk assessment and mitigation strategies, with a deep understanding of the unique challenges and threats in healthcare IT, especially during large-scale data migrations.

  • Experience and/or expertise in Information Assurance or Cyber Security and at least three of the following areas: Networking, System Development, Software or Application Development, Hardware Engineering, IT Operations, System Architecture, Cloud Architecture, Agile Development, and IT Service Delivery

  • Strong organizational and communication skills, including the ability to articulate solutions and rationale for design decisions.

  • Experience leading the development of solutions for proposals and RFI responses.

  • Experience presenting to executive leadership (internal and external), customers and stakeholders regarding matters of strategic importance to the organization/program.

  • IAT III or IAM III Certification. Contract requirement.

  • Experience with DoD and federal government contracts and customers.

Desired/Preferred Qualifications

  • Proven experience obtaining DOD or equivalent security ATOs for complex operational systems.

  • Experience in large-scale EHR systems.

  • Working knowledge of EHR systems (preferably Cerner)

  • Experience with integrating solutions in a multi-vendor environment.

  • Experience with enterprise-scale operations and maintenance environments.

  • Adaptable to changing circumstances and operational needs.

  • Top Secret clearance or ability to obtain TS clearance.

At Leidos, everything we do is built on our commitment to do the right thing for our customers, our employees, and our communities. Learn more about the values and culture that are the foundations of our business. Our mission is to make the world safer, healthier, and more efficient through information technology, engineering, and science. We offer a robust benefits package including competitive salaries; company matching 401K Retirement Plan; comprehensive medical, dental and vision coverage; flexible work schedule to allow for life/work balance; tuition reimbursement and more.

Original Posting Date: 2024-05-16

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $144,300.00 - $260,850.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Remote

 

Job Summary
Company
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Salary and Benefits: $144300.00-$260850.00 per year
Required Education: Bachelor's Degree
Required Experience: 17+ years