Sunshine Enterprise USA · 6 days ago
IT - SCDHHS - Security Analyst - Consultant
Sunshine Enterprise USA is seeking an experienced Senior Information System Security Officer to support enterprise-level cybersecurity and compliance initiatives. The role involves leadership in security governance, risk management, and regulatory compliance, while also participating in day-to-day security operations and serving as a trusted advisor to various stakeholders.
Employment, Human Resources, Recruiting, Staffing Agency
Responsibilities
Lead and support FISMA Risk Management Framework (RMF) compliant security programs, including CMS MARS-E and similar frameworks
Develop, maintain, and validate security documentation such as: System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), Computer Matching Agreements (CMAs)
Integrate RMF and Assessment & Authorization (A&A) activities into the System Development Life Cycle (SDLC)
Serve as the primary point of contact for third-party audits and security assessments
Perform detailed architectural and risk reviews, including: network design and information flow; system and data access models; firewall rule requests (ports, protocols, services); configuration baseline deviation requests; vulnerability management findings
Provide sound risk-based recommendations to stakeholders
Audit and assess internal systems and external business partner or vendor security controls
Conduct security and compliance reviews of: contracts; Business Associate Agreements (BAAs); Data Sharing and Usage Agreements
Collaborate with vendors and multiple internal teams to ensure compliance with security initiatives
Utilize tools such as: Archer (eGRC); service management/ticketing systems; Microsoft Office Suite (Word, Excel, PowerPoint, Visio); Atlassian; Bizagi; and other workflow/documentation platforms
Produce clear, accurate audit and assessment reports aligned with organizational standards
Qualifications
Required
5+ years of experience in IT security, infrastructure, or system auditing
Prior experience working within a FISMA-compliant environment
Experience with eGRC tools
Strong working knowledge of: FISMA; NIST; CMS MARS-E; HIPAA Security and Privacy Rules
Ability to work independently and collaboratively in a fast-paced environment
Strong communication skills with both technical and non-technical stakeholders
Intermediate to advanced proficiency in Microsoft Office tools
(ISC)², ISACA, SANS GIAC, and/or other information security certification is required
Preferred
Hands-on experience with the following technologies is highly desirable: Archer or other eGRC platforms; IBM System/390 and zSeries; Linux and Windows servers; relational and NoSQL databases; network firewalls, IPS, routing, and switching infrastructure; SIEM solutions; Identity and Access Management (IAM) systems; cloud security and vendor management environments