Specifications include, but are not limited to: At a minimum, Offerors must provide a full-time systems and data security project manager to work at the direction of the State program management office lead. Additionally, the offeror may bid up to one additional FTE (comprised of multiple systems and data security subject matter experts) to support the security project manager in the development of systems security plans and related activities.

The resources sought by the MHBE to augment the Health Care Reform PMO in the areas of security architecture, planning, and compliance are expected to work onsite at a variety of State of Maryland office locations in the Baltimore Metro area. In addition to working with State officials in defining and documenting security architecture, planning, and controls, the systems and data security consultants selected for this contract will also work closely with the State's systems integrator and its partners to support the successful implementation and deployment of the HIX solution.

The duration of the resultant contract will be for a period of 1 year with an optional 1 year extension to be exercised at the discretion of the MHBE.

Through this RFP, MHBE seeks a full-time security project manager and additional security and privacy consulting support (up to 1 additional FTE) to perform the following activities:

• Develop and maintain an integrated project plan that encompasses all activities related to security planning and implementation for MHBE's IT systems, databases, infrastructure, and related operations
• Facilitate security-related project meetings with State Agency and HIX IT vendors to confirm and document security requirements as well as to ensure that those requirements are being met as part of all Health Care Reform related development activities
• Support the MHBE Chief Information Security Officer's Agency-wide security and privacy development efforts.
These include, but are not limited to, the following:
  o Develop training and procedures to communicate and vet policies, working with IT vendors and business partners to ensure that standards and practices are incorporated into IT work products and operational procedures,
  o Validate compliance with those policies, overseeing self-audit and compliance tracking activities,
  o Coordinate the preparation of audit responses, IT security documents, and reports for presentation to auditors and oversight agencies within the State and to the Federal government as required,
  o Develop strategies and plans for identifying and mitigating issues and risks to IT security and privacy as appropriate,
  o Assess the capability of MHBE IT vendors for security monitoring, threat detection and prevention with regard to MHBE IT systems and make recommendations for improvement