Senior Information Security GRC Analyst

Role: Senior Information Security GRC Analyst

Location: 100% Remote

Duration: 12 Months

W2 ONLY

Position Overview

The South Carolina Department of Administration, Division of Information Security (DIS), is seeking a Senior Information Security GRC Analyst to support the statewide information security program.

This position will assist agencies with the development, implementation, and improvement of information security programs by providing tactical support, conducting assessments, documenting processes, tracking compliance efforts, and ensuring alignment with established security standards.

The ideal candidate will have extensive experience in information security governance, risk, and compliance (GRC), strong knowledge of security frameworks, excellent communication skills, and the ability to work with business and technical stakeholders.

Position Details

Position Title: Senior Information Security GRC Analyst
Division: Office of Information Technology Services (OTIS) – Division of Information Security (DIS)
Location: Columbia, SC
Work Arrangement: Fully Remote (Onsite availability preferred for meetings, training, and departmental activities)
Duration: 12 Months
Extension: Possible
Start Date: Immediate
Openings: 1

Background Screening Required:

• 7-year standard background check
• Credit history check
• Driving record (MVR)
• E-Verify
• SLED Check
• CJIS certification (processed after start)

Responsibilities

Information Security Governance & Compliance

• Support agencies in developing and implementing information security programs.
• Provide tactical assistance to agencies for security program execution.
• Develop, maintain, and track information security implementation plans.
• Analyze agency security processes and procedures to ensure alignment with state security standards.
• Evaluate information security practices and recommend improvements.
• Ensure compliance with statewide information security policies and controls.

Security Assessments & Documentation

• Conduct interviews with business owners, technical owners, administrators, managers, and third parties to gather security-related information.
• Review existing policies, procedures, and documentation.
• Document findings from interviews and document reviews.
• Create and maintain formal security process documentation.
• Develop security program artifacts and supporting materials.
• Assess agency documentation to verify compliance with required security controls.

Risk Management & Process Improvement

• Identify gaps in security processes and recommend remediation strategies.
• Support development and tracking of:
  • Plans of Action and Milestones (POA&M)
  • Corrective Action Plans (CAP)
• Assist agencies in improving security maturity and control implementation.
• Identify, map, and re-engineer business processes where required.
• Support continuous improvement of security governance processes.

Collaboration & Stakeholder Management

• Work closely with technical teams, business teams, leadership, and external stakeholders.
• Communicate security requirements effectively to technical and non-technical audiences.
• Manage multiple information security initiatives simultaneously.
• Coordinate schedules, resources, and deliverables.
• Work effectively in a high-volume, fast-paced environment.

Required Skills & Experience

• 10+ years of experience in Information Security and Compliance.
• 2+ years of experience with security audits based on standard control frameworks as:
  • Auditor
  • Information System Security Officer (ISSO)
• Strong working knowledge of NIST 800-53 (minimum 2 years experience).
• Experience with:
  • POA&M
  • CAP processes
• Strong experience using GRC tools such as:
  • Archer
  • Similar Governance, Risk, and Compliance platforms (3+ years)
• Strong written and verbal communication skills.

Preferred Skills

• Experience completing:
  • Information Security Plans
  • System Security Plans (SSP) / Security plan documentation
• Ability to manage multiple security initiatives at the same time.
• Knowledge of compliance frameworks and regulations including:
  • IRS 1075
  • HIPAA
  • CJIS
  • MARS-E
  • PCI-DSS
• Government sector experience.

Additional Skills

• Strong analytical and problem-solving skills.
• Ability to identify and improve business processes.
• Strong organizational and schedule management skills.
• Ability to manage priorities and meet deadlines.
• Excellent collaboration and communication skills.
• Ability to work independently with minimal supervision.

Tools & Technologies

• Governance, Risk, and Compliance (GRC) Platforms
• Archer or similar GRC tools
• NIST 800-53 Framework
• Security assessment methodologies
• Compliance tracking tools
• Risk management processes

Education & Certifications

Required Education:

• Bachelor’s Degree

Preferred Certifications:

• CISA
• GSLC
• Equivalent Information Security / Compliance Certifications

Desired Profile

• Senior-level Information Security professional with strong GRC expertise.
• Strong understanding of security frameworks, controls, audits, and compliance.
• Experienced in working with government agencies and regulated environments.
• Strong documentation and stakeholder management skills.
• Proven ability to deliver security initiatives accurately and efficiently.