Security Analyst Consultant - SAC 25-33068

Title: Security Analyst Consultant
Location: Columbia, SC
Duration: 12 Months
Interview Process: 2 Rounds (Virtual & In-Person)

Project Overview

The Security Analyst Consultant will support the organization s Information Security and Compliance program. This role functions as a Senior Information System Security Officer (ISSO), responsible for leading and participating in day-to-day security and compliance activities across complex information system environments. The consultant will ensure alignment with State/Agency security policies and federal regulatory frameworks such as FISMA, NIST, CMS MARS-E, and HIPAA.

Daily Duties & Responsibilities

• Report to the ISSO Team Lead and operate as an experienced cybersecurity consultant for leadership, business units, partners, and vendors.

• Support and enhance the organization s Security and Compliance Program across multiple platforms and environments.

Security Program Responsibilities

• Lead and contribute to RMF-compliant security program activities, especially for CMS MARS-E or similar frameworks.

• Develop and maintain System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), Computer Matching Agreements (CMAs), and related RMF artifacts.

• Support audit and assessment activities by conducting interviews, collecting evidence, and validating controls.

• Integrate RMF activities into the System Development Life Cycle (SDLC).

• Provide guidance on cloud security practices and vendor management.

Technical Knowledge (Desired)

Hands-on experience with any of the following is highly beneficial:

• Archer (eGRC)

• Enterprise NoSQL Databases

• IBM System 390/zSeries

• Linux and Windows servers

• Network Firewalls, IPS, Switching, Routing

• SIEM platforms

• Identity and Access Management (IAM) solutions

General Responsibilities

• Conduct architectural security reviews and risk assessments, including:

  • Network design & data flow

  • Access models

  • Firewall rule evaluations

  • Configuration deviation requests

  • Vulnerability management

• Lead and support the development and improvement of security and compliance programs.

• Conduct audits and assessments of internal systems and partner environments.

• Use tools such as Microsoft Office, ticketing systems, eGRC platforms, Bizagi, and Atlassian for documentation and reporting.

• Review and provide input on contracts, Business Associate Agreements, data sharing agreements, and related artifacts.

• Serve as a primary contact for third-party audits or assessments.

• Provide recommendations to leadership and business partners for security and compliance improvements.

Required Knowledge & Skills

• Strong working knowledge of FISMA, NIST, CMS MARS-E, and HIPAA security and privacy requirements.

• 5 years IT experience working with and/or auditing:

  • IBM System 390/zSeries

  • Windows & Linux

  • Relational and NoSQL databases

  • Network infrastructure

  • Web applications

• Prior experience in FISMA/NIST-compliant environments.

• Experience with eGRC systems.

• Prior experience in Health IT environments.

• One or more required security certifications: ISC(2), ISACA, SANS GIAC, or equivalent.

• Strong collaboration and communication skills with technical and non-technical audiences.

• Ability to manage multiple priorities, meet deadlines, and work both independently and in a team environment.

• Proficiency in Microsoft Office (Word, Excel, PowerPoint, Visio).

• High attention to detail and ability to understand complex processes.

• Ability to adapt to feedback and work effectively with diverse stakeholder groups.

Preferred Qualifications

• Bachelor s degree in Computer Science or related field, or 10 years of relevant experience.

• 3 5 years of risk management experience.

• Prior ITIL experience in Information Security Management.