Pastor jobs in Fort Collins, CO

Job Description

Sanford Federal headquartered in Stafford, VA., is a Service-Disabled Veteran Owned Small Business that provides federal professional services, primarily engaged in providing advanced information technology, cyber security, management systems support, as well as business and infrastructure management services.
We are among the most innovative, respected, and ethical providers of technology solutions to the United States government. Our mission is to provide superior-quality, innovative, information technology solutions that help federal agencies best aid, serve, and protect the American people.

Job Title:

Protestant Pastor Services

Place of Performance:

Rocky Mountain Regional Aurora, CO 80045

Work Schedule:

Monday through Friday between the hours of 8:00 a.m. and 5:00 p.m.

Objectives:

Department of Veterans Affairs, Veterans Health Administration, Rocky Mountain VA Medical Center (RMRVAMC) located at 1700 N. Wheeling Street, Aurora, CO, 80045, has a requirement for a one-year Project. The Candidate agrees to provide one Protestant Chaplain to perform chaplain services on a Call-Back/On Call basis in accordance with the terms and conditions stated herein at the ECHCS VA Health Care System (VA ECHCS).
.
SANFORD Requirements:

1.    Provide One Hour Sunday Worship Protestant Service with prepared sermon and service according to the Lutheran Lectionary.
2.    Provide initial visits to newly admitted patients, pre-surgery visits to the seriously ill and to those in designated patient care areas, using information provided by the Chaplain Integrated Clinical Community and document in CPRS and Event Capture.
3.    Provide bedside visits as requested/needed by patients.
4.    Counsel Veterans and Veteran families for general spiritual issues as well as for Grief and Loss.
5.    Consult with professional staff regarding the total welfare of any patient.
6.    On-duty time and services to be recorded in a log in the Chaplaincy Office when services are provided or within 24 hours thereafter.

Qualifications:

1.    Education - candidates must possess the Master of Divinity degree, normally based upon completion of 3 years of graduate study or possess equivalent educational qualifications.
2.    The position of the Candidate is decentralized; that is, the proposed Candidate must be approved by the Medical Center Director. In an emergency, the VA can accept the employment application/resume and a declaration that the Candidate is in good and regular standing with his/her denomination.

SPECIAL Project Requirements:

1.    SERVICE: In a time of need or emergency, as determined by VA, the Candidate agrees to provide services to meet and fulfill the needs of the Veteran, and to be available for call-back as necessitated by the needs of the VA. Mutually acceptable modifications shall be attached to this Project. The Candidate will be guided by the practices of the VA Chaplain Integrated Clinical Community.

VA INFORMATION CUSTODIAL LANGUAGE

a.    Information made available to the Candidate by VA for the performance or administration of this Project or information developed by the Candidate in performance or administration of the Project shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the Candidate’s rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1).
b.    VA information should not be co-mingled, if possible, with any other data on the contractors/ subcontractor’s information systems or media storage systems to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the Candidate must ensure that VA’s information is returned to the VA or destroyed in accordance with VA’s sanitization requirements. VA reserves the right to conduct on-site inspections of Candidate and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements.
c.    The Candidate must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the Project and applicable Federal and VA information    confidentiality and    security    laws,    regulations    and    policies.    If    Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the Project, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this Project, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this Project.
d.    The Candidate must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated.
e.    The Candidate’s firewall and Web services security controls, if applicable, shall meet or exceed VA’s minimum requirements. VA Configuration Guidelines are available upon request.
f.    For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the Candidate’s must complete a Candidate Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR.

INFORMATION SYSTEM HOSTING, OPERATION, MAINTENANCE, OR USE

a.    For information systems that are hosted, operated, maintained, or used on behalf of VA at non- VA facilities, Candidates are fully responsible and accountable for ensuring compliance with all HIPAA, Privacy Act, FISMA, NIST, FIPS, and VA security and privacy directives and handbooks. This includes conducting compliant risk assessments, routine vulnerablity scanning, system patching and change management procedures, and the completion of an acceptable contingency plan for each system. The Candidate’s security control procedures must be equivalent, to those procedures used to secure VA systems. A Privacy Impact Assessment (PIA) must also be provided to the COR and approved by VA Privacy Service prior to operational approval. All external Internet connections to VA's network involving VA information must be reviewed and approved by VA prior to implementation.
b.    Adequate security controls for collecting, processing, transmitting, and storing of Personally Identifiable Information (PII), as determined by the VA Privacy Service, must be in place, tested, and approved by VA prior to hosting, operation, maintenance, or use of the information system, or systems by or on behalf of VA. These security controls are to be assessed and stated within the PIA and if these controls are determined not to be in place, or inadequate, a Plan of Action and Milestones (POA&M) must be submitted and approved prior to the collection of PII.
c.    Outsourcing (Candidate facility, Candidate equipment or Vendor staff) of systems or network operations, telecommunications services, or other managed services requires certification and accreditation (authorization) (C&A) of the Candidate’s systems in accordance with VA Handbook 6500.3, Certification and Accreditation and/or the VA OCS Certification Program Office. Government- owned (government facility or government equipment) Candidate-operated systems, third party or business partner networks require memorandums of understanding and interconnection agreements (MOU-ISA) which detail what data types are shared, who has access, and the appropriate level of security controls for all systems connected to VA networks.
d.    The Candidate’s system must adhere to all FISMA, FIPS, and NIST standards related to the annual FISMA security controls assessment and review and update the PIA.    Any deficiencies noted during this assessment must be provided to the VA contracting officer and the ISO for entry into VA's POA&M management process.    The Candidate must use VA's POA&M process to document planned remedial actions to address any deficiencies in information security policies, procedures, and practices, and the completion of those activities. Security deficiencies must be corrected within the timeframes approved by the government. Candidate procedures are subject to periodic, unannounced assessments by VA officials, including the VA Office of Inspector General.    The physical security aspects associated with Candidate activities must also be subject to such assessments.    If major changes to the system occur that may affect the privacy or security of the data or the system, the C&A of the system may need to be reviewed, retested and re- authorized per VA Handbook 6500.3.    This may require reviewing and updating all of the documentation (PIA, System Security Plan, Contingency Plan).    The Certification Program Office can provide guidance on whether a new C&A would be necessary.
e.    The Candidate must conduct an annual self assessment on all systems and outsourced services as required.    Both hard copy and electronic copies of the assessment must be provided to the COR. The government reserves the right to conduct such an assessment using government personnel or another Candidate.    The Candidate must take appropriate and timely action (this can be specified in the Project) to correct or mitigate any weaknesses discovered during such testing, generally at no additional cost.

f.    VA prohibits the installation and use of personally-owned or Vendor-owned equipment or software on VA's network. If non-VA owned equipment must be used to fulfill the requirements of a Project, it must be stated in the service agreement, SOW or Project.    All of the security controls required for government furnished equipment (GFE) must be utilized in approved other equipment (OE) and must be funded by the owner of the equipment. All remote systems must be equipped with, and use, a VA-approved antivirus (AV) software and a personal (host- based or enclave based) firewall that is configured with a VA-approved configuration. Software must be kept current, including all critical updates and patches. Owners of approved OE are responsible for providing and maintaining the anti-viral software and the firewall on the non-VA owned OE.
g.    All electronic storage media used on non-VA leased or non-VA owned IT equipment that is used to store, process, or access VA information must be handled in adherence with VA Handbook 6500.1, Electronic Media Sanitization upon:  (i) completion or termination of the Project or (ii) disposal or return of the IT equipment by the Candidate or any person acting on behalf of the Candidate, whichever is earlier. Media (hard drives, optical disks, CDs, back-up tapes, etc.) used by the Candidates that contain VA information must be returned to the VA for sanitization or destruction or the Candidate must self-certify that the media has been disposed of per 6500.1 requirements. This must be completed within 30 days of termination of the Project.
h.    Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the Candidate at the end of lease, for trade-in, or other purposes. The options are:
(1)    Candidate must accept the system without the drive;
(2)    VA's initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or
(3)    VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase.
(4)    Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for the VA to retain the hard drive, then;
(a)    The equipment Candidate must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact; and
(b)    Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be pre-approved and described in the purchase order or Project.
(c)    A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed. The ISO needs to maintain the documentation.

Why SANFORD?
You can take pride in working for a company dedicated to serving our government by providing the best, most cost-effective solutions for the US Government. Our work helps the US Government secure our nation, support the efforts of our military and intelligence communities, and provide lifesaving medical services to our soldiers, vets, and their families.