IS Security Risk Analyst III

Join our dynamic team in Columbia, SC, a vibrant city known for its rich history and thriving tech industry. We are seeking a skilled professional to plan and perform compliance and risk assessment activities for information systems and related processes. This role offers an exciting opportunity to influence our I/S and corporate compliance culture and make a significant impact.

Duties

• Plan and perform compliance and risk assessment activities for information systems and related processes.
• Communicate and escalate compliance and risk issues to the appropriate department and/or level of management.
• Independently monitor remediation of new and outstanding issues, including Information Security Risk Exception process.
• Utilize tools to track and report on compliance posture.
• Conduct formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks.
• Facilitate development, implementation, and documentation of Information Security policies, procedures, processes, and programs.
• Analyze and interpret security regulations and controls to advise on security compliance across multiple business areas.
• Serve as an interface with external entities for governance and compliance reviews regarding information security risk.
• Investigate, document, and resolve Information Security Incidents.
• Research emerging security topics, threats, and capabilities to create/update policy and governance.
• Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards, and best practices.
  
  

Skills

Required Skills and Abilities:

• Good understanding of Systems Development Life Cycle methodologies.
• Subject Matter Expert in government or private risk frameworks and control implementations.
• Good understanding of risk management, information system security, and compliance standards.
• Excellent analytical and decision-making skills.
• Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
• Ability to independently solve problems often spanning multiple environments and business areas.
• Ability to effect change and bring security, risk, and compliance knowledge to the organization through positive influence.
• Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets, and communication protocols.
• Strong communication skills in presenting results both verbally and in writing.
• Possess excellent collaboration skills with a wide variety of internal matrix and management staff.
  
  

Background

• Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
• Experience working on Security Management Plan.
• Experience with working on vulnerability matrices.
• Experience with the scanning and remediation of I/S assets using automated tools is beneficial (i.e. Nessus, AppDetective, Vanguard, etc.).
• Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
• Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
• Advanced knowledge on security risk assessment execution.
• Expert level knowledge on risk mitigation strategies.
• Excel expert with the ability to analyze, trend, and forecast from high volumes of compliance data.
• Proficient with MS Word.
  
  

Preferred / Highly Desired Background

• Experience with compliance programs within a government agency (i.e. Medicare, Tricare) is preferred.
• Direct experience with NIST 800-53 security frameworks.
• Any experience with Visio or PowerPoint a plus.
• Any experience with DoD, DIARMF, or FedRamp program are a plus.
• SQL experience a plus.
  
  

Work Environment

Fast-paced, multi-platformed environment which may require action and response 24X7 to support the technical business needs of the customer.