Security Analyst

TALENT Software Services • Full-time • Columbia, SC, US • 2w ago

Scope of the Project

The Office of Cybersecurity is responsible for the security and compliance of information systems and data. The office seeks an expert Senior Information System Security Officer (ISSO) to oversee and participate in the daily security and compliance requirements of complex information system environments. The successful candidate will lead the establishment, implementation, and enhancement of information systems security and compliance efforts based on state/agency policy/standards and regulatory guidance such as FISMA, NIST, CMS MARS-E, and HIPAA.

Daily Duties / Responsibilities

The Senior ISSO will report to the Security Risk and Compliance Manager and operate as an experienced cybersecurity consultant to leadership, business units, business partners, and vendors.

Security Program Experience

Leadership experience with CMS MARS-E or other FISMA Risk Management Framework (RMF) compliant programs is strongly desired. Experience should include success in developing and maintaining System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), Computer Matching Agreements (CMAs), and related interviews and audit/assessment activities.
Experience with the development and integration of RMF/A&A tasks and artifacts in RMF roles such as ISSO, Information Security Architect, Security Control Assessor, etc., into the System Development Life Cycle (SDLC).
Experience in security related to Cloud services and vendor management is desirable.

Technical Knowledge

Hands-on experience with any of the following technologies is desirable:

RSA Archer
Enterprise NoSQL Database
IBM System 390/zSeries
Linux and Windows servers
Network Firewalls, Intrusion Prevention Systems (IPS), Switching and Routing Infrastructure
Security Information and Event Management (SIEM) solutions
Identity and Access Management (IAM) solutions

General Duties and Responsibilities

Perform detailed architectural reviews and risk analysis of security-related requests to make sound recommendations.
Champion the design, development, implementation, and maturation of security and compliance efforts.
Audit and assess internal agency systems and business partner/service provider information system security controls.
Utilize Microsoft Office, System Center Service Manager, RSA Archer eGRC system, Bizagi, Atlassian, and other products for documentation and reporting.
Perform security and compliance reviews of contracts, business associate agreements, data usage/sharing agreements, and other documents.
Serve as the primary point of contact for third-party audits and assessments of agency and business partner systems.
Collaborate with leadership, business partners, and stakeholders to provide recommendations for security and compliance risk mitigation efforts.

Required Knowledge/Skills

Strong working knowledge of FISMA, NIST, CMS MARS-E, and HIPAA Security and Privacy.
5 years of experience in IT working with and/or auditing IBM System 390/zSeries, Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure, and Web-based Applications.
Prior experience working within a FISMA compliant program.
Experience with eGRC systems.
Prior health information technology experience.
ISC(2), ISACA, SANS GIAC, or other Information Security Certification is required.
Ability to work independently and as a team member.
Ability to collaborate and coordinate with multiple teams and vendors.
Ability to multitask and prioritize tasks effectively to meet deadlines.
Experience and training with eGRC solutions.
Ability to engage diverse audiences with varying technical and non-technical skill levels.
Intermediate to advanced skills in Microsoft Office products (Word, Excel, PowerPoint, Visio).
Keen attention to detail while maintaining the ability to see the big picture.
Ability to absorb, retain, and communicate complex processes.
Ability to accept changes and constructive criticism and remain flexible.