What are the responsibilities and job description for the IT - SCDHHS - Security Analyst – Consultant position at Sunshine Enterprise USA?
Position: Security Analyst
Location: Columbia, SC
Years of Exp: 10 Years
Contract Type: C2C/W2
Duration: 12 Months
Candidate MUST be a SC resident or willing to relocate to SC prior to starting the role at their own expense.
Summary
We are seeking an experienced Security Analyst / Senior ISSO to oversee and actively participate in the day-to-day security and compliance operations of complex information systems. The ideal candidate will lead the establishment, implementation, and enhancement of Information Systems Security and Compliance efforts based on State/Agency Policy, Standards, and Regulatory Guidance such as FISMA, NIST, CMS MARS-E, HIPAA, and other applicable frameworks.
Key Responsibilities
· Serve as a senior cybersecurity consultant to leadership, business units, partners, and vendors.
· Lead and manage security and compliance programs, including CMS MARS-E, ARC-AMPE, or other FISMA RMF-compliant programs.
· Develop and maintain System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), Computer Matching Agreements (CMAs), and related audit/assessment activities.
· Integrate RMF/A&A tasks into the System Development Life Cycle (SDLC).
· Perform architectural reviews, risk analysis, and security assessments for network design, information flow, system access, firewall rules, baseline configuration, and vulnerability management.
· Audit internal systems and third-party/vendor systems for compliance and security controls.
· Review and provide security input on contracts, data usage agreements, and related documentation.
· Act as a primary point of contact for external audits and assessments.
· Utilize tools such as Microsoft Office Suite, ticketing systems, eGRC platforms (e.g., Archer), Bizagi, Atlassian, and other relevant tools for documentation and reporting.
· Collaborate with stakeholders to recommend and implement security and compliance risk mitigation measures.
Required Skills
· Strong knowledge of FISMA, NIST, CMS MARS-E, and HIPAA Security and Privacy requirements.
· 5 years of experience working with or auditing Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure, and Web-based Applications.
· Experience in FISMA-compliant programs.
· Hands-on experience with eGRC systems.
Preferred
· Health IT experience preferred.
· Relevant Information Security certifications required (ISC², ISACA, SANS GIAC, or equivalent).
· Strong communication and collaboration skills with both technical and non-technical stakeholders.
· Ability to multitask, prioritize, and work effectively in a results-oriented environment.
· Proficiency in Microsoft Office (Word, Excel, PowerPoint, Visio) with attention to detail and consistency in documentation.
Preferred Skills
· BS degree in Computer Science or a related discipline, or 10 years of relevant experience.
· Prior ITIL experience in Information Security Management.
· Experience with Cloud security and vendor management.