IT Security Risk Analyst-W2 Only

Overview

On Site
Accepts corp to corp applications
Contract - W2
Contract - start date

Skills

LINUX
Windows
NIST
FISMA
IBM System 390/zSeries
Databases
ISACA
SANS GIAC and/or other Information Security Certification
eGRC systems
SC(2)

Job Details

Role: IT Security Risk Analyst-W2 Only

Location: Columbia, SC

Duration: One Year contract with possibility of extensions

Interview Process: 2 rounds, Virtual & In Person

Position Overview

The IT Security Risk Analyst will serve as a key member of the Office of Cybersecurity (OCS), reporting directly to the ISSO Team Lead. This role requires an experienced cybersecurity professional to act as a trusted advisor to agency leadership, business units, partners, and vendors. The Senior ISSO will drive security and compliance initiatives, oversee system assessments, and ensure alignment with federal and state security standards.

Key Responsibilities

  • Lead the development, implementation, and maintenance of security documentation including System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), and Computer Matching Agreements (CMAs).
  • Perform security architectural reviews and risk analysis on requests related to:
      • Network design and information flow
      • System/data access models
      • Firewall rules (ports, protocols, services)
      • Baseline configuration deviations
      • Vulnerability management
  • Conduct audits and assessments of internal systems and business partner security controls.
  • Serve as the primary contact for third-party audits and assessments of agency and partner systems.
  • Review and advise on security aspects of contracts, business associate agreements, and data usage/sharing agreements.
  • Provide recommendations to mitigate security and compliance risks while collaborating with leadership, vendors, and stakeholders.
  • Champion the integration of RMF/A&A activities into the System Development Life Cycle (SDLC).
  • Utilize tools such as Archer (eGRC), System Center Service Manager, Bizagi, Atlassian, and Microsoft Office for documentation, reporting, and tracking.

Required Skills:

  • SC(2), ISACA, SANS GIAC and/or other Information Security Certification is required.
  • 5+ years of experience in IT working with and/or auditing IBM System 390/zSeries, Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure and Web-based Applications.
  • Prior experience working within a FISMA or NIST compliant program.
  • Prior experience in working with any eGRC systems.
  • Prior Health Information Technology experience.
  • 3-5+ years of risk management experience.

Preferred Skills:

  • Bachelor's in a related area or 10+ years of experience in the field or in a related area.
  • Prior ITIL experience in the area of Information Security Management.