Security Analyst

Overview

On Site
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - start date

Skills

NIST
FISMA
HIPAA
GIAC
SANS
RMF
CMS MARS-E
Linux Servers
ISACA
ISC(2)

Job Details

Location: Columbia, SC

Work Arrangement: On-Site (Consulting/Contract Role)

Type: Contract Position

The Opportunity: Complex, Change-Oriented Cybersecurity

We are seeking an expert Senior Information System Security Officer (ISSO) to join a motivated team and lead Security, Risk, and Compliance efforts for a major state health and human services agency. This is a critical contract opportunity where you will direct the establishment, implementation, and enhancement of information system security based on Federal, State, and agency policies.

The ideal candidate is a motivated, results-oriented professional comfortable making high-level contributions with minimal supervision. You will be instrumental in ensuring the compliance and security of complex information system environments.

Scope & Responsibilities

This role within the Office of Cybersecurity (OCS) requires an experienced cybersecurity consultant to oversee the day-to-day security and compliance requirements. You will be a strong oral and written communicator, eager to interact with agency staff, business units, and vendors.

Security Program & RMF Leadership

  • Lead RMF Compliance: Leadership experience with CMS MARS-E, ARC-AMPE, or other FISMA Risk Management Framework (RMF) compliant programs is highly desired.
  • Artifact Development: Develop and maintain critical RMF artifacts, including System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), and Computer Matching Agreements (CMAs).
  • A&A Integration: Integrate RMF/Assessment and Authorization (A&A) tasks and artifacts into the System Development Life Cycle (SDLC).
  • Security Audits: Audit and assess internal agency systems as well as business partner/service provider security controls.
  • Review & Risk Analysis: Perform detailed architectural reviews and risk analysis for security-related requests (e.g., Network Design, Firewall Rule Requests, Vulnerability Management).

General Duties

  • Serve as the primary point of contact for third-party audits and/or assessments.
  • Perform security and compliance reviews of Contracts, Business Associate Agreements (BAA), and Data Usage/Sharing Agreements.
  • Utilize eGRC systems (e.g., Archer), ticketing systems, and Microsoft Office software to document and report on information gathered.

Required Knowledge & Experience

  • Certifications are Required: Must hold an ISC(2), ISACA, SANS GIAC and/or other recognized Information Security Certification.
  • Regulatory Expertise: Strong working knowledge of FISMA, NIST, CMS MARS-E, and HIPAA Security and Privacy.
  • FISMA Program Experience: Prior experience working within a FISMA compliant program is mandatory.
  • Health IT Experience: Prior experience in the Health Information Technology sector.
  • IT Systems Auditing (5+ years): 5+ years of experience in IT working with and/or auditing Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure, and Web-based Applications.
  • eGRC Systems: Prior experience working with any eGRC (Enterprise Governance, Risk, and Compliance) systems.
  • Soft Skills: Ability to work independently, collaborate with diverse audiences, and manage/prioritize tasks effectively in a results-oriented environment.

Desired Technical Knowledge

  • Experience in security as related to Cloud services and vendor management.
  • Hands-on experience with: Archer (eGRC), SIEM solutions, IAM solutions, Network Firewalls, and IPS.
  • Prior ITIL experience in Information Security Management.

Pre-Employment Checks: Criminal, credit, E-Verify, and confidentiality form checks are required for this position.


About Stellar Professionals LLC