Job Details
Job Title: Security Analyst – Consultant (Information Systems Security Officer – ISSO)
Location: Onsite (Columbia, SC)
Duration: 12 Months
Scope of the Project
The Office of Cybersecurity within a large state government agency is responsible for the security and compliance of enterprise information systems and sensitive data. The organization is seeking an experienced Senior Information Systems Security Officer (ISSO) to oversee and actively participate in the day-to-day security and compliance operations of complex information system environments.
The successful candidate will lead the establishment, implementation, and enhancement of information system security and compliance initiatives in alignment with state and agency policies, standards, and regulatory requirements, including FISMA, the NIST Risk Management Framework (RMF), CMS MARS-E, HIPAA, and related frameworks.
Daily Duties / Responsibilities
Report to the ISSO Team Lead and operate as a senior cybersecurity consultant to agency leadership, internal business units, external partners, and vendors.
Provide expert guidance on security and compliance matters across enterprise systems and projects.
Security Program Experience
Strong leadership experience with CMS MARS-E, ARC-AMPE, or other FISMA RMF-compliant programs is highly desired.
Proven experience developing and maintaining RMF artifacts, including:
System Security Plans (SSPs)
Privacy Impact Assessments (PIAs)
Interconnection Security Agreements (ISAs)
Computer Matching Agreements (CMAs)
Participate in interviews, audits, assessments, and authorization activities to support RMF and A&A processes.
Experience integrating RMF/A&A tasks into the System Development Life Cycle (SDLC) in roles such as ISSO, Information Security Architect, or Security Control Assessor.
Experience with cloud security and vendor risk management is desirable.
Technical Knowledge
Hands-on experience with one or more of the following technologies is preferred:
Archer (eGRC)
Enterprise NoSQL Databases
IBM System/390 and zSeries mainframes
Linux and Windows servers
Network firewalls, intrusion prevention systems (IPS), switching and routing infrastructure
Security Information and Event Management (SIEM) solutions
Identity and Access Management (IAM) solutions
General Duties and Responsibilities
Conduct architectural reviews and risk analyses related to:
Network design and information flow
System and data access models
Firewall rule requests (ports, protocols, services)
Configuration baseline deviation requests
Vulnerability management
Lead and support the ongoing maturation of the agency’s security and compliance program.
Audit and assess internal systems as well as third-party and partner security controls.
Document and report findings using tools such as Microsoft Office, ticketing systems, eGRC platforms, workflow tools, and collaboration platforms.
Review security and compliance aspects of contracts, business associate agreements, data sharing agreements, and related documentation.
Serve as the primary point of contact for third-party audits and assessments.
Collaborate with leadership, stakeholders, vendors, and partners to recommend risk mitigation strategies.
Additional Qualifications
Strong working knowledge of FISMA, the NIST RMF (including SP 800-53 controls), CMS MARS-E, and HIPAA Security and Privacy requirements.
At least 5 years of IT experience working with or auditing:
IBM System/390 and zSeries mainframes
Windows and Linux systems
Relational and non-relational databases
Networking infrastructure
Web-based applications
Prior experience within a FISMA-compliant program.
Experience working with eGRC systems.
Prior Health Information Technology experience preferred.
Strong organizational, communication, and documentation skills.
Ability to work independently and collaboratively in a fast-paced, results-driven environment.
Intermediate to advanced proficiency in Microsoft Office (Word, Excel, PowerPoint, Visio).
Strong attention to detail with the ability to understand broader organizational objectives.
Ability to communicate complex security concepts to technical and non-technical audiences.
Flexible, adaptable, and receptive to change and constructive feedback.
Required Education / Certifications
One or more active information security certifications from ISC(2), ISACA, SANS GIAC, or equivalent.
Preferred Education / Certifications
Bachelor’s degree in a related field or 10+ years of relevant professional experience.
Required Skills (Ranked by Importance)
5+ years of IT experience auditing or securing enterprise systems and infrastructure
Experience working within a FISMA-compliant environment
Experience with eGRC tools and platforms
Preferred Skills
ITIL experience related to Information Security Management