Job Title: Security Analyst
Location: Columbia, SC Hybrid (4 days in office, 1 days remote).
Position Type: C2C/W2
Years of Experience:08+ years
Duration of the Contract: 12 months
Interview Process: 2 rounds, Virtual & In Person
Candidate Location: Candidate MUST be a SC resident or willing to relocate to SC prior to starting the role at their own expense.
Project Scope:
We are seeking an experienced Senior Information System Security Officer (ISSO) to support enterprise-level cybersecurity and compliance initiatives within a large, complex information systems environment. This role requires hands-on leadership in security governance, risk management, and regulatory compliance aligned with federal and state standards.
The Security Analyst (Senior ISSO) will actively participate in day-to-day security operations, oversee compliance activities, and serve as a trusted cybersecurity advisor to leadership, internal teams, vendors, and business partners.
Key Responsibilities:
Security Program & Compliance Leadership
• Lead and support
FISMA Risk Management Framework (RMF) compliant security programs, including CMS MARS-E and similar frameworks.
• Develop, maintain, and validate security documentation such as:
oSystem Security Plans (SSPs)
oPrivacy Impact Assessments (PIAs)
oInterconnection Security Agreements (ISAs)
oComputer Matching Agreements (CMAs)
• Integrate RMF and Assessment & Authorization (A&A) activities into the
System Development Life Cycle (SDLC).
• Serve as the primary point of contact for third-party audits and security assessments.
Risk Management & Architecture Reviews
• Perform detailed architectural and risk reviews, including:
oNetwork design and information flow
oSystem and data access models
oFirewall rule requests (ports, protocols, services)
oConfiguration baseline deviation requests
oVulnerability management findings
• Provide sound risk-based recommendations to stakeholders.
Audit, Assessment & Vendor Oversight
• Audit and assess internal systems and external business partner or vendor security controls.
• Conduct security and compliance reviews of:
oContracts
oBusiness Associate Agreements (BAAs)
oData Sharing and Usage Agreements
• Collaborate with vendors and multiple internal teams to ensure compliance with security initiatives.
Tools & Documentation
• Utilize tools such as:
oArcher (eGRC)
oService management/ticketing systems
oMicrosoft Office Suite (Word, Excel, PowerPoint, Visio)
oAtlassian, Bizagi, and other workflow/documentation platforms
• Produce clear, accurate audit and assessment reports aligned with organizational standards.
Required Skills & Experience:
Hands-on experience with the following technologies is highly desirable:
- Archer orother eGRC platforms
- IBM System390/zSeries
- Linux andWindows Servers
- Relationaland NoSQL databases
- Networkfirewalls, IPS, routing, and switching infrastructure
- SIEMsolutions
- Identity andAccess Management (IAM) systems
- Cloudsecurity and vendor management environments
Required Qualifications:
5+ years of experience in IT security, infrastructure, or system auditing
Prior experience working within a FISMA-compliant environment
Experience with eGRC tools
Strong working knowledge of:
- FISMA
- NIST
- CMS MARS-E
- HIPAASecurity & Privacy rules
Ability to work independently and collaboratively in a fast-paced environment
Strong communication skills with both technical and non-technical stakeholders
Intermediate to advanced proficiency in Microsoft Office tools
Certification:
ISC (2), ISACA, SANS GIAC and/or other Information Security Certification is required.