IT - SCDHHS - Security Analyst - Consultant

SUNSHINE ENTERPRISE USA LLC · Columbia, SC
3d · Hybrid

About The Position

We are seeking an experienced Senior Information System Security Officer (ISSO) to support enterprise-level cybersecurity and compliance initiatives within a large, complex information systems environment. This role requires hands-on leadership in security governance, risk management, and regulatory compliance aligned with federal and state standards. The Security Analyst (Senior ISSO) will actively participate in day-to-day security operations, oversee compliance activities, and serve as a trusted cybersecurity advisor to leadership, internal teams, vendors, and business partners.

Requirements

  • 5+ years of experience in IT security, infrastructure, or system auditing
  • Prior experience working within a FISMA-compliant environment
  • Experience with eGRC tools
  • Strong working knowledge of:
      • FISMA
      • NIST
      • CMS MARS-E
      • HIPAA Security & Privacy rules
  • Ability to work independently and collaboratively in a fast-paced environment
  • Strong communication skills with both technical and non-technical stakeholders
  • Intermediate to advanced proficiency in Microsoft Office tools
  • ISC2, ISACA, SANS GIAC, and/or other information security certification is required.

Nice To Haves

  • Hands-on experience with the following technologies is highly desirable:
      • Archer or other eGRC platforms
      • IBM System 390/zSeries
      • Linux and Windows Servers
      • Relational and NoSQL databases
      • Network firewalls, IPS, routing, and switching infrastructure
      • SIEM solutions
      • Identity and Access Management (IAM) systems
      • Cloud security and vendor management environments

Responsibilities

  • Lead and support FISMA Risk Management Framework (RMF) compliant security programs, including CMS MARS-E and similar frameworks.
  • Develop, maintain, and validate security documentation such as:
      • System Security Plans (SSPs)
      • Privacy Impact Assessments (PIAs)
      • Interconnection Security Agreements (ISAs)
      • Computer Matching Agreements (CMAs)
  • Integrate RMF and Assessment & Authorization (A&A) activities into the System Development Life Cycle (SDLC).
  • Serve as the primary point of contact for third-party audits and security assessments.
  • Perform detailed architectural and risk reviews, including:
      • Network design and information flow
      • System and data access models
      • Firewall rule requests (ports, protocols, services)
      • Configuration baseline deviation requests
      • Vulnerability management findings
  • Provide sound risk-based recommendations to stakeholders.
  • Audit and assess internal systems and external business partner or vendor security controls.
  • Conduct security and compliance reviews of:
      • Contracts
      • Business Associate Agreements (BAAs)
      • Data Sharing and Usage Agreements
  • Collaborate with vendors and multiple internal teams to ensure compliance with security initiatives.
  • Utilize tools such as:
      • Archer (eGRC)
      • Service management/ticketing systems
      • Microsoft Office Suite (Word, Excel, PowerPoint, Visio)
      • Atlassian, Bizagi, and other workflow/documentation platforms
  • Produce clear, accurate audit and assessment reports aligned with organizational standards.