Job Details
Location: Columbia, SC
Work Arrangement: On-Site (Consulting/Contract Role)
Type: Contract Position (New Role)
General Description
We are seeking an expert Senior Information System Security Officer (ISSO) to lead Security, Risk, and Compliance activities for a major state health and human services agency (Medicaid). This is a high-impact contract opportunity for a motivated, results-oriented professional who can operate with little to no supervision.
The Senior ISSO will be responsible for directing the establishment, implementation, and enhancement of Information Systems Security and Compliance efforts based on Federal, State, and agency policies. This role requires deep, hands-on knowledge of regulatory guidance including FISMA, NIST, CMS MARS-E, and HIPAA.
Scope of Work
This new role within the Office of Cybersecurity (OCS) requires an expert to oversee and actively participate in the day-to-day security and compliance requirements of complex information system environments. The successful candidate will lead efforts to develop, maintain, and integrate security controls into the System Development Life Cycle (SDLC).
Daily Duties & Responsibilities
The Senior ISSO will report to the ISSO Team Lead and serve as an experienced cybersecurity consultant to agency leadership, business units, partners, and vendors.
Security Program Experience (Highest Weight)
- Lead and actively participate in CMS MARS-E, ARC-AMPE, or other FISMA Risk Management Framework (RMF) compliant programs.
- Develop and maintain critical RMF artifacts: System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), and Computer Matching Agreements (CMAs).
- Conduct interviews and audit/assessment activities to complete and verify RMF/Assessment and Authorization (A&A) tasks.
- Integrate RMF/A&A tasks and artifacts into the SDLC.
- Perform security and compliance reviews of contracts, Business Associate Agreements (BAAs), and Data Usage/Sharing Agreements.
General Duties
- Perform detailed architectural reviews and risk analysis for security requests (e.g., Network Design, Firewall Rule Requests, Configuration Management Deviations).
- Champion the design, development, and maturation of agency security and compliance efforts.
- Audit and assess internal systems and business partner/service provider security controls.
- Serve as the primary point of contact for third-party audits/assessments.
- Utilize tools such as Microsoft Office, eGRC systems (e.g., Archer), and ticketing systems to document and report on activities.
Required Knowledge & Skills
- 5+ years of experience in IT working with and/or auditing: IBM System 390/zSeries, Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure, and Web-based Applications.
- Strong working knowledge of FISMA, NIST, CMS MARS-E, and HIPAA Security and Privacy.
- Prior experience working within a FISMA compliant program.
- Prior experience working with any eGRC system.
- Prior Health Information Technology experience.
- Required certification: ISC(2), ISACA, SANS GIAC, and/or another recognized Information Security certification.
- Ability to collaborate effectively with diverse technical and non-technical audiences.
- Intermediate to advanced skills in Microsoft Office products (Word, Excel, PowerPoint, Visio).
Preferred Requirements/Technical Knowledge
- Experience with security as it relates to cloud services and vendor management.
- Hands-on experience with: Archer (eGRC), Enterprise NoSQL Database, Network Firewalls, Intrusion Prevention Systems (IPS), SIEM solutions, and IAM solutions.
- Prior ITIL experience in Information Security Management.
- BS degree in computer science or similar discipline.
This position is ideal for candidates who enjoy working on complex, change-oriented projects in the public sector.