
Job Description


Principal Health Security Analyst

Job ID 857-2

Position Description:

Mathematica Policy Research is dedicated to improving public well-being by bringing the highest standards of quality, objectivity, and excellence to bear on information and analysis for our partners and clients. The company has been at the forefront of design and assessment of public policies and programs since 1968. Our analytic solutions have yielded actionable information to guide decisions in wide-ranging policy areas, from health, education, early childhood, and family support to nutrition, employment, disability, and international development. As one of the foremost public policy research organizations in the United States, Mathematica Policy Research is leading the way in providing health care research services to federal agencies.

Currently, Mathematica is seeking a Principal Health Security Analyst to lead our health IT security services. Based in our Woodlawn, MD or Washington, DC office, the Principal Health Security Analyst will apply their expertise in delivering security and privacy program analysis and client security services.  This role will advise project and technology teams on government and industry standards and best practices for securing applications in cloud, on-premises, and hybrid deployments, test applications according to prescribed security test plans, recommend specific tools and procedures to enhance application security, and describe how project processes and procedures align with security and privacy standards.  

In addition, the Principal Health Security Analyst will serve as the liaison to Health clients, including Centers for Medicare and Medicaid Services (CMS) and the Social Security Administration (SSA), and lead internal efforts for executing contractual requirements.  


  • Lead research, analysis, and development of solutions to align with prevailing security and privacy standards, guidelines, and best practices that promote compliance with contractual, FISMA, and HIPAA requirements.
  • Contribute to Health client and corporate security assessment and authorization documentation such as security plans, risk assessment and security control testing reports, contingency plans, and responses to third-party questionnaires and audits.
  • Lead on-premises and cloud solution security risk, compliance and vulnerability assessments and recommend solutions to correct deficiencies.
  • Be the face-to-face liaison with Health clients and partners, including CMS, SSA, large federal IT integrators, and states.
  • Develop, operationalize and standardize Health IT security processes, including management of access to client systems and data, vulnerability management and ongoing monitoring.
  • Deliver security and privacy related tasks including project deliverables, contributing to business development tasks, and reviewing and contributing security and privacy specifications to contracts. Demonstrated ability to lead and advise proposal and project IT teams about security task budgeting, resourcing and scheduling.

Position Requirements:

Given the diversity of projects that comprise the Health business unit, the ideal candidate will have a combination of three or more of the following qualifications:

  • Bachelor's degree in computer science, software development, cybersecurity or relevant discipline preferred.  Will also consider a combination of education and computer/IT skills developed through progressively responsible positions in technology or consulting roles.
  • Ten+ years of experience in Health information security and privacy analysis and compliance in on-premises, cloud, and hybrid delivery models. 

  • Certified Information System Security Professional, Certified HIPAA Security Professional, Certified Information Systems Auditor, Certified Information Systems Manager or other relevant certification required. Amazon Web Services security certification desirable.

  • Collaborate effectively in a highly matrixed organization as a SME in on-premises, cloud and hybrid security implementation. Demonstrated ability to team with and partner as needed across business units.

  • Customer service orientation in execution of job responsibilities.

  • Knowledgeable about programming languages (SAS, R, Python), operating systems (Windows, Linux), and platforms (AWS) commonly used in Health policy evaluation and program improvement work.

  • Willingness and ability to share knowledge with development teams and mentor individuals in ad hoc and formalized formats.

  • Strong organizational skills and ability to work in a fast-paced, multidisciplinary, and matrixed team setting.

  • Superb interpersonal skills, with the ability to convey complex security and privacy concepts to varied audiences in verbal and written formats.

To apply, please submit a cover letter, resume, writing sample, and salary expectations. We offer our employees a stimulating, team-oriented work environment, competitive salaries, a comprehensive benefits package, and the advantages of employee ownership. 

Various federal agencies and commercial entities with which we contract require that staff successfully undergo a background investigation or security clearance as a condition of working on the project. If you are assigned to such a project, you will be required to obtain the requisite security clearance. 

Available Locations: Woodlawn, MD; Washington, DC

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
