Job Details
Title: Security Analyst Consultant
Location: Columbia, SC
Duration: 12 Months
Interview Process: 1 Round Virtual/Online
Job Description
Scope of the Project
The organization is responsible for the Security and Compliance of its Information Systems and Data. They are seeking an expert Senior Information System Security Officer (ISSO) to oversee and actively support the day-to-day security and compliance needs of complex information system environments. The Senior ISSO will lead the establishment, implementation, and enhancement of Security and Compliance efforts aligned with State/Agency policies, standards, and regulatory requirements such as FISMA, NIST, CMS MARS-E, HIPAA, and others.
Daily Duties / Responsibilities
The Senior ISSO will report to the ISSO Team Lead and function as a seasoned cybersecurity consultant to leadership, business units, external partners, and vendors.
Security Program Responsibilities
Lead and support information security governance programs and Risk Management Framework (RMF) activities.
Strong preference for experience with CMS MARS-E, ARC-AMPE, or other FISMA RMF-compliant programs.
Must have demonstrated experience developing and maintaining:
System Security Plans (SSPs)
Privacy Impact Assessments (PIAs)
Interconnection Security Agreements (ISAs)
Computer Matching Agreements (CMAs)
Audit and assessment documentation
Experience integrating RMF/A&A tasks into the System Development Life Cycle (SDLC).
Experience with cloud security and vendor management is highly desirable.
Technical Knowledge
Hands-on experience with any of the following is desirable:
Archer (eGRC)
Linux and Windows servers
Network Firewalls, IPS, switching, routing
SIEM platforms
Identity and Access Management (IAM) tools
General Responsibilities
Perform architectural reviews and risk assessments of security-related requests.
Evaluate:
Network design and data flow
Data/system access models
Firewall rule requests
Baseline configuration deviations
Vulnerability management findings
Lead and mature security and compliance initiatives.
Conduct internal and external system security assessments.
Use Microsoft Office, ticketing systems, eGRC tools, Atlassian products, and other platforms for documentation and reporting.
Review contracts, BAAs, data-sharing agreements, and related documents.
Serve as primary contact for third-party audits and assessments.
Collaborate with leadership, teams, and vendors to recommend risk mitigation strategies.
Required Knowledge / Skills
Strong working knowledge of FISMA, NIST, CMS MARS-E, HIPAA.
5+ years of experience in IT working with and/or auditing:
Windows and Linux systems
Relational and non-relational databases
Network infrastructure
Web-based applications
Prior experience with FISMA-compliant programs.
Experience working with eGRC systems.
Prior Health IT exposure.
Security certification required: ISC(2), ISACA, SANS GIAC, or equivalent.
Ability to work independently or in teams, prioritize tasks, and meet deadlines.
Strong communication skills with both technical and non-technical audiences.
Intermediate to advanced proficiency with Microsoft Office (Word, Excel, PowerPoint, Visio).
Strong attention to detail and ability to manage complex processes.
Ability to adapt to changes and collaborate effectively with diverse teams.
Preferred Requirements / Skills
Bachelor's degree in Computer Science or related field, or 10+ years equivalent experience.
Prior ITIL experience in Information Security Management.