What are the responsibilities and job description for the IT - SCDHHS - Security Analyst - Consultant position at SUNSHINE ENTERPRISE USA LLC?
Job Title: Security Analyst
Location: Columbia, SC Hybrid (4 days in office, 1 day remote).
Position Type: C2C/W2
Years of Experience: 08 years
Duration of the Contract: 12 months
Interview Process: 2 rounds, Virtual & In Person
Candidate Location: Candidate MUST be an SC resident or willing to relocate to SC prior to starting the role at their own expense.
Project Scope:
We are seeking an experienced Senior Information System Security Officer (ISSO) to support enterprise-level cybersecurity and compliance initiatives within a large, complex information systems environment. This role requires hands-on leadership in security governance, risk management, and regulatory compliance aligned with federal and state standards.
The Security Analyst (Senior ISSO) will actively participate in day-to-day security operations, oversee compliance activities, and serve as a trusted cybersecurity advisor to leadership, internal teams, vendors, and business partners.
Key Responsibilities:
Security Program & Compliance Leadership
· Lead and support FISMA Risk Management Framework (RMF) compliant security programs, including CMS MARS-E and similar frameworks.
· Develop, maintain, and validate security documentation such as:
o System Security Plans (SSPs)
o Privacy Impact Assessments (PIAs)
o Interconnection Security Agreements (ISAs)
o Computer Matching Agreements (CMAs)
· Integrate RMF and Assessment & Authorization (A&A) activities into the System Development Life Cycle (SDLC).
· Serve as the primary point of contact for third-party audits and security assessments.
Risk Management & Architecture Reviews
· Perform detailed architectural and risk reviews, including:
o Network design and information flow
o System and data access models
o Firewall rule requests (ports, protocols, services)
o Configuration baseline deviation requests
o Vulnerability management findings
· Provide sound risk-based recommendations to stakeholders.
Audit, Assessment & Vendor Oversight
· Audit and assess internal systems and external business partner or vendor security controls.
· Conduct security and compliance reviews of:
o Contracts
o Business Associate Agreements (BAAs)
o Data Sharing and Usage Agreements
· Collaborate with vendors and multiple internal teams to ensure compliance with security initiatives.
Tools & Documentation
· Utilize tools such as:
o Archer (eGRC)
o Service management/ticketing systems
o Microsoft Office Suite (Word, Excel, PowerPoint, Visio)
o Atlassian, Bizagi, and other workflow/documentation platforms
· Produce clear, accurate audit and assessment reports aligned with organizational standards.
Required Skills & Experience:
Hands-on experience with the following technologies is highly desirable:
- Archer or other eGRC platforms
- IBM System 390/zSeries
- Linux and Windows Servers
- Relational and NoSQL databases
- Network firewalls, IPS, routing, and switching infrastructure
- SIEM solutions
- Identity and Access Management (IAM) systems
- Cloud security and vendor management environments
Required Qualifications:
· 5 years of experience in IT security, infrastructure, or system auditing
· Prior experience working within a FISMA-compliant environment
· Experience with eGRC tools
· Strong working knowledge of:
- FISMA
- NIST
- CMS MARS-E
- HIPAA Security & Privacy rules
· Ability to work independently and collaboratively in a fast-paced environment
· Strong communication skills with both technical and non-technical stakeholders
· Intermediate to advanced proficiency in Microsoft Office tools
Certification:
ISC2, ISACA, SANS GIAC and/or other Information Security Certification is required.
Salary : $110