Information Systems Security Officer

The Department of Administration's (Admin) Division of Information Security (DIS) is seeking an Information Systems Security Officer (ISSO) to join the team. DIS is responsible for a variety of statewide policies, standards, programs and services related to cybersecurity and information systems, including the statewide coordination of critical infrastructure information. In this role you will ensure the confidentiality, integrity, and availability of business office information systems and associated data. You will lead the implementation of state security policies, procedures, and controls. Acting as a liaison between IT, business operations, and compliance teams, you will identify risks, manage findings and POA&Ms, and ensure Admin systems meet applicable standards all while supporting business continuity and operational efficiency. If you are a forward-thinking security leader with an actionable mind set and want to make a difference, join us in our effort to protect SC.

Responsibilities of the ISSO:

• Manage Admin compliance and audit activities. Identify and score risks based on impact and likelihood. Prioritize remediation activities according to risk score and difficulty. Clearly define stakeholder responsibilities and drive remediation toward successful or agreed-upon outcomes.
• Ensure alignment with all state security policies and integrated control solutions. Monitor and coordinate deviations from policy; when necessary, perform mitigation actions. Assist and advise agency staff and customers on security implementation as the INFOSEC SME for Admin.
• Draft, publish, and improve documentation to support consistent, measurable, and repeatable processes. Coordinate assessments and collaborate with audit, assessment teams, and system owners. Manage the risk and findings backlog; report status updates monthly to leadership.
• Ensure all information owned, collected, or controlled by the agency is processed and stored in accordance with applicable laws and and SCDIS-200 requirements. 
• Oversee the evaluation, selection, and implementation of innovative, cost-effective, and minimally disruptive information security solutions. Ensure agency system access and data control through proper inclusion of information security language and requirements in contracts.
• Maintain awareness of emerging threats, technologies, and best practices. Continuously strengthen the organization’s security posture through proactive engagement and implementation of improvements.
• Other duties as assigned. This is an essential position that directly contributes the security of state systems and resources.

Minimum Requirements:

• A bachelor’s degree in computer science or a related field. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis. 
• At least four (4) years of experience in information security, two (2) of which are in a leadership role.
• Candidate must successfully pass all initial and recurring security background checks as a condition of hire and continued employment.

Additional Requirements:

• Knowledge of security administration for various operating systems and software. 
• Knowledge of security, privacy, risk, and control frameworks and standards such as NIST, CIS, CJIS, HIPAA, FERPA, PCI, and the SC DIS-200. 
• Analytical problem-solving skills and ability to develop project plans for information security systems. 
• Knowledge and understanding of information risk concepts and principles, and ability to relate business needs and security controls. 
• Ability to document and present security findings clearly and logically. 
• Ability to explain information security concepts to audiences outside the field and to executive-level staff. 
• Knowledge of South Carolina state government procedures and processes. 
• Knowledge of South Carolina state procurement and contracting principles. 
• Experience with contract and vendor negotiations. 
• Professional certifications such as CISSP, CISM, CRISC, GIAC, CIPM, CIPP.