What are the responsibilities and job description for the Information Systems Security Officer (ISSO) - 60007049 position at State of South Carolina?
Information Systems Security Officer (ISSO)
The Department of Administration's (Admin) Division of Information Security (DIS) is seeking an Information Systems Security Officer (ISSO) to join the team. DIS is responsible for a variety of statewide policies, standards, programs and services related to cybersecurity and information systems, including the statewide coordination of critical infrastructure information. In this role you will ensure the confidentiality, integrity, and availability of business office information systems and associated data. You will lead the implementation of state security policies, procedures, and controls. Acting as a liaison between IT, business operations, and compliance teams, you will identify risks, manage findings and POA&Ms, and ensure Admin systems meet applicable standards all while supporting business continuity and operational efficiency. If you are a forward-thinking security leader with an actionable mind set and want to make a difference, join us in our effort to protect SC.
This position is onsite in beautiful Columbia, South Carolina.
Responsibilities of the ISSO:- Manage Admin compliance and audit activities. Identify and score risks based on impact and likelihood. Prioritize remediation activities according to risk score and difficulty. Clearly define stakeholder responsibilities and drive remediation toward successful or agreed-upon outcomes.
- Ensure alignment with all state security policies and integrated control solutions. Monitor and coordinate deviations from policy; when necessary, perform mitigation actions. Assist and advise agency staff and customers on security implementation as the INFOSEC SME for Admin.
- Draft, publish, and improve documentation to support consistent, measurable, and repeatable processes. Coordinate assessments and collaborate with audit, assessment teams, and system owners. Manage the risk and findings backlog; report status updates monthly to leadership.
- Ensure all information owned, collected, or controlled by the agency is processed and stored in accordance with applicable laws and and SCDIS-200 requirements.
- Oversee the evaluation, selection, and implementation of innovative, cost-effective, and minimally disruptive information security solutions. Ensure agency system access and data control through proper inclusion of information security language and requirements in contracts.
- Maintain awareness of emerging threats, technologies, and best practices. Continuously strengthen the organization’s security posture through proactive engagement and implementation of improvements.
- Other duties as assigned. This is an essential position that directly contributes the security of state systems and resources.
- A bachelor’s degree in computer science or a related field. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.
- At least four (4) years of experience in information security, two (2) of which are in a leadership role.
- Candidate must successfully pass all initial and recurring security background checks as a condition of hire and continued employment.
Additional Requirements:
- Knowledge of security administration for various operating systems and software.
- Knowledge of security, privacy, risk, and control frameworks and standards such as NIST, CIS, CJIS, HIPAA, FERPA, PCI, and the SC DIS-200.
- Analytical problem-solving skills and ability to develop project plans for information security systems.
- Knowledge and understanding of information risk concepts and principles, and ability to relate business needs and security controls.
- Ability to document and present security findings clearly and logically.
- Ability to explain information security concepts to audiences outside the field and to executive-level staff.
- Knowledge of South Carolina state government procedures and processes.
- Knowledge of South Carolina state procurement and contracting principles.
- Experience with contract and vendor negotiations.
- Professional certifications such as CISSP, CISM, CRISC, GIAC, CIPM, CIPP.
Applicants indicating college credit or degree(s) on the application will be required to bring a copy of college transcript to the interview. A copy of the transcript may also be uploaded as an attachment to the application, if required by the hiring department or if desired by the applicant. Please note that some areas of the Department may require an official, certified copy of the transcript prior to hiring or within a specific timeframe required by that area, after hiring. Failure to produce an official, certified transcript may result in not being hired or termination. The Department of Administration is committed to providing equal employment opportunities to all applicants and does not discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth, or related medical conditions including, but not limited, to lactation), national origin, age (40 or older), disability or genetic information.
Supplemental questions are considered part of your official application. Any misrepresentation will result in your disqualification from employment. Please complete the state application to include all current and previous work history and education. A resume will not be accepted nor reviewed to determine if an applicant has met the qualifications for the position.
The South Carolina Department of Administration offers an exceptional benefits package for full time (FTE) employees:
- Health, dental, vision, long-term disability, and life insurance for employees, spouse, and children. Click herefor additional information.
- 15 days annual (vacation) leave per year
- 15 days sick leave per year
- 13 paid holidays
- Paid Parental Leave
- S.C. Deferred Compensation Program available (S.C. Deferred Compensation)
- Retirement benefit choices *
- State Retirement Plan (SCRS)
- State Optional Retirement Program (State ORP)
Salary : $79,600 - $143,300