Security Architect/Auditor

Job ID: SC-11518

Remote/Local Security Architect/Auditor (CISA/GSLC) with NIST/IRS/HIPAA/CJIS/MARS-E/PCI-DSS, POA&M/CAP, GRC/Archer, BPR experience

Location: Columbia, SC (Department of Administration)
Duration: 12 Months
Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.

Required skills (must include years of experience, in order of importance)
10+ Years of Experience in Information Security and Compliance.
2+ Years of Experience with security audits based on a standard control set as an auditor or responding information system security officer
Must Have a Strong Working Knowledge of NIST 800-53 (2 Years of Experience)
Prior Experience POA&M or CAP.
Strong Communication Experience.
Experience With Using A GRC Tool (Archer or Similar) (3 Years of Experience)

Preferred Skills (Rank in order of Importance):
Have completed an information security plan or system security plan notebook.
Simultaneously, manage multiple infosec work efforts.
Knowledge of IRS 1075, HIPAA, CJIS, MARS-E and/or PCI-DSS.
Government sector experience

Additional Skills
Ability to identify, map and re- engineer business processes.
Strong schedule management and resource planning skills.
Ability to work at a high-volume and fast pace.
Strong collaborator and strong ability to meet deadlines.

Required Education:
Bachelor s Degree Preferred Certifications:
CISA, GSLC, or equivalent certification

Scope of the project:
This position with be perform duties as part of DIS execution of its responsibilities under the statewide information security program. DIS Responsibilities include:
Supporting agencies during their development of the information security program with direct tactical implementation assistance.
Developing and tracking agency information security implementation plans.
Interview administrators, managers and third parties to aid in development of program artifacts.
Ensuring high-level assessments of agencies infosec work to ensure progress is made.
Providing high-level analysis of process and procedures work to ensure compliance with state standards.

Daily Duties / Responsibilities:
Duties include, but are not limited to:
Interviewing business and technical owners to determine policies and procedures used for each agency process.
Developing and tracking infosec implementation plan progress.
Documenting information gathered during both interviews and
Document reviews to assist with developing formal process and procedures.
Assessing agency documentation to ensure adequate approaches are used to comply with controls.