Information Systems Security Officer (ISSO) - 60007049

About The Position

Requirements

• A bachelor's degree in computer science or a related field. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.
• At least four (4) years of experience in information security, two (2) of which are in a leadership role.
• Candidate must successfully pass all initial and recurring security background checks as a condition of hire and continued employment.
• Knowledge of security administration for various operating systems and software.
• Knowledge of security, privacy, risk, and control frameworks and standards such as NIST, CIS, CJIS, HIPAA, FERPA, PCI, and the SC DIS-200.
• Analytical problem-solving skills and ability to develop project plans for information security systems.
• Knowledge and understanding of information risk concepts and principles, and ability to relate business needs and security controls.
• Ability to document and present security findings clearly and logically.
• Ability to explain information security concepts to audiences outside the field and to executive-level staff.
• Knowledge of South Carolina state government procedures and processes.
• Knowledge of South Carolina state procurement and contracting principles.
• Experience with contract and vendor negotiations.
• Professional certifications such as CISSP, CISM, CRISC, GIAC, CIPM, CIPP.

Responsibilities

• Manage Admin compliance and audit activities. Identify and score risks based on impact and likelihood. Prioritize remediation activities according to risk score and difficulty. Clearly define stakeholder responsibilities and drive remediation toward successful or agreed-upon outcomes.
• Ensure alignment with all state security policies and integrated control solutions. Monitor and coordinate deviations from policy; when necessary, perform mitigation actions. Assist and advise agency staff and customers on security implementation as the INFOSEC SME for Admin.
• Draft, publish, and improve documentation to support consistent, measurable, and repeatable processes. Coordinate assessments and collaborate with audit, assessment teams, and system owners. Manage the risk and findings backlog; report status updates monthly to leadership.
• Ensure all information owned, collected, or controlled by the agency is processed and stored in accordance with applicable laws and and SCDIS-200 requirements.
• Oversee the evaluation, selection, and implementation of innovative, cost-effective, and minimally disruptive information security solutions. Ensure agency system access and data control through proper inclusion of information security language and requirements in contracts.
• Maintain awareness of emerging threats, technologies, and best practices. Continuously strengthen the organization's security posture through proactive engagement and implementation of improvements.
• Other duties as assigned. This is an essential position that directly contributes the security of state systems and resources.

Benefits

• Health, dental, vision, long-term disability, and life insurance for employees, spouse, and children.
• 15 days annual (vacation) leave per year
• 15 days sick leave per year
• 13 paid holidays
• Paid Parental Leave
• S.C. Deferred Compensation Program available (S.C. Deferred Compensation)
• Retirement benefit choices
• State Retirement Plan (SCRS)
• State Optional Retirement Program (State ORP)