Security Analyst Consultant

Job :Security Analyst Consultant (Senior Information Systems Security Officer ISSO)

Location :1801 Main Street, Columbia, SC 29201
(Onsite)

The Senior Information Systems Security Officer (ISSO) will lead security, risk, and compliance initiatives for the South Carolina Department of Health and Human Services (SCDHHS). This role supports Medicaid systems by establishing, implementing, and enhancing cybersecurity and compliance programs aligned with FISMA, NIST, CMS MARS-E, and HIPAA standards.

• New role created to support expanding cybersecurity initiatives
• Opportunity to work on complex, mission-critical public sector systems
• Collaborative environment with motivated teams and leadership

Responsibilities

• Lead and support daily security and compliance operations for complex systems
• Establish, implement, and mature security programs aligned with federal and state regulations
• Develop and maintain RMF/A&A artifacts including:
  • System Security Plans (SSPs)
  • Privacy Impact Assessments (PIAs)
  • Interconnection Security Agreements (ISAs)
  • Computer Matching Agreements (CMAs)
• Perform architectural security reviews and risk analysis, including:
  • Network design and data flow
  • System and data access models
  • Firewall rule reviews (ports, protocols, services)
  • Configuration deviation requests
  • Vulnerability management
• Audit and assess internal systems and third-party/vendor environments
• Review security and compliance aspects of:
  • Contracts
  • Business Associate Agreements (BAAs)
  • Data sharing agreements
• Serve as primary point of contact for third-party audits and assessments
• Provide risk mitigation recommendations to leadership and stakeholders
• Document findings using Archer eGRC, Microsoft Office, Service Manager, and other tools
• Collaborate with leadership, business units, partners, and vendors
• Work independently with minimal supervision

Required Skills & Experience

• 5 years of IT security experience
• Experience working within a FISMA-compliant program
• Hands-on experience with eGRC tools (e.g., Archer)
• Strong knowledge of:
  • FISMA
  • NIST
  • CMS MARS-E
  • HIPAA Security & Privacy
• Experience auditing or securing:
  • IBM System 390 / zSeries
  • Windows and Linux servers
  • Relational and NoSQL databases
  • Network infrastructure (firewalls, IPS, routing, switching)
  • Web-based applications
• Ability to multitask, prioritize, and meet deadlines
• Strong written and verbal communication skills
• Ability to engage technical and non-technical stakeholders

Preferred Skills

• Experience with ITIL in Information Security Management

• Health Information Technology (HIT) experience
• Cloud security and vendor management experience
• Familiarity with:
  • SIEM solutions
  • Identity and Access Management (IAM)
  • Bizagi, Atlassian tools

Required Certifications

• One or more of the following:

  • ISC(2) (e.g., CISSP)
  • ISACA (e.g., CISM, CISA)
  • SANS GIAC
  • Other equivalent Information Security certifications

Preferred Education

• Bachelor s degree in Computer Science or related field

  OR

• 10 years of equivalent professional experience