Position: Senior Information Security GRC Analyst
Duration of the Contract: 12 Months (Possibility for Extension)
Location: South Carolina (100% Remote)
Interview Process: 1-2 Rounds of Virtual Interviews. In-person availability for interviews preferred.
- Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
- Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.
Scope of the project:
This position will perform duties as part of DIS execution of its responsibilities under the state-wide information security program. DIS Responsibilities include:
- Supporting agencies during their development of the information security program with direct tactical implementation assistance.
- Developing and tracking agency information security implementation plans.
- Interviewing administrators, managers and third parties to aid in development of program artifacts.
- Ensuring high-level assessments of agencies’ infosec work to ensure progress is made.
- Providing high-level analysis of process and procedures work to ensure compliance with state standards.
Daily Duties / Responsibilities:
Duties include, but are not limited to:
- Interviewing business and technical owners to determine policies and procedures used for each agency process.
- Developing and tracking infosec implementation plan progress.
- Documenting information gathered during both interviews and document reviews to assist with developing formal processes and procedures.
- Assessing agency documentation to ensure adequate approaches are used to comply with controls.
Required skills (must include years of experience, in order of importance):
- 10+ Years of Experience in Information Security and Compliance.
- 2+ Years of Experience with security audits based on a standard control set as an auditor or responding information system security officer
- Must Have a Strong Working Knowledge of NIST 800-53 (2 Years of Experience)
- Prior Experience with POA&M or CAP.
- Strong Communication Experience.
- Experience With Using a GRC Tool (Archer or Similar) (3 Years of Experience)
Preferred Skills (Rank in order of Importance):
- Have completed an information security plan or system security plan notebook.
- Simultaneously manage multiple infosec work efforts.
- Knowledge of IRS 1075, HIPAA, CJIS, MARS-E and/or PCI-DSS.
- Government sector experience
Additional Skills:
- Ability to identify, map and re-engineer business processes.
- Strong schedule management and resource planning skills.
- Ability to work at a high-volume and fast pace.
- Strong collaborator and strong ability to meet deadlines.
Preferred Certifications:
- CISA, GSLC, or equivalent certification
Required Education: