What are the responsibilities and job description for the Security Analyst Consultant (Information System Security Officer ISSO) - SA 25-30272 position at Jobs via Dice?
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Compu-Vision Consulting, Inc., is seeking the following. Apply via Dice today!
Job Title: Security Analyst Consultant (Information System Security Officer ISSO)
Location: Columbia, SC (Fully Onsite 5 days per week)
Duration: 12 Months
Note: Candidates must be SC residents or willing to relocate at their own expense. Remote work is not available.
Position Overview
The Senior Information System Security Officer (ISSO) will lead security, risk, and compliance activities in support of cybersecurity initiatives for a Medicaid-related agency. The ISSO will direct the establishment, implementation, and/or enhancement of information systems security and compliance programs based on federal, state, and agency policies and regulatory guidance, including FISMA, NIST, CMS MARS-E, HIPAA, and others.
This role requires a results-oriented professional with strong oral and written communication skills, the ability to interact with multiple stakeholders and vendors, and the capability to operate with minimal supervision.
Scope of the Role
- Oversee day-to-day security and compliance requirements of complex information systems.
- Lead the development and implementation of information security and compliance programs in alignment with organizational policies and regulatory guidance.
- Act as a consultant to leadership, business units, business partners, and vendors on security matters.
- Conduct detailed architectural reviews and risk analyses for security-related requests, including:
  - Network design and information flow
  - System and data access models
  - Firewall rule requests
  - Configuration management deviations
  - Vulnerability management
- Lead the design, development, and ongoing maturation of agency security and compliance programs.
- Audit and assess internal systems and vendor/business partner information system security controls.
- Utilize tools such as Microsoft Office, Service Desk/Ticketing Systems, eGRC solutions (e.g., Archer), Bizagi, and Atlassian for documentation and reporting.
- Perform security and compliance reviews of contracts, business associate agreements, and data sharing agreements.
- Serve as a primary point of contact for third-party audits or assessments.
- Collaborate with leadership and stakeholders to provide recommendations for risk mitigation.
- Engage diverse audiences to align technical requirements with business objectives.
- Maintain keen attention to detail while keeping a big-picture perspective.
- Adapt to changes and feedback while working effectively with multiple teams and vendors.
- Strong working knowledge of FISMA, NIST, CMS MARS-E, HIPAA Security and Privacy.
- 5 years of IT experience working with or auditing IBM System 390/zSeries, Windows, Linux, relational and non-relational databases, networking infrastructure, and web applications.
- Prior experience within a FISMA-compliant program.
- Experience with eGRC systems.
- Health IT experience.
- Ability to work independently and collaboratively.
- Excellent multitasking and prioritization skills.
- Ability to engage diverse technical and non-technical audiences.
- Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, Visio).
- Strong attention to detail and ability to absorb, retain, and communicate complex processes.
- ISC(2), ISACA, SANS GIAC, or other recognized information security certification.
- Bachelor's degree in Computer Science, Information Security, or related discipline, or 10 years of relevant experience.
- Prior experience with ITIL in Information Security Management.
- Leadership experience with CMS MARS-E, ARC-AMPE, or other FISMA RMF-compliant programs.
- Hands-on experience with security for cloud services and vendor management.
- Familiarity with Archer (eGRC), enterprise NoSQL databases, Linux and Windows servers, network firewalls, IPS, SIEM, IAM, and IBM System 390/zSeries.