IT - Security Architect​/GRC Analyst

Senior Information Security GRC Analyst

This position is ideal for an experienced Governance, Risk, and Compliance (GRC) professional with deep expertise in NIST 800-53, security audits, compliance frameworks, risk management, and information security program development.

Key Responsibilities

• Support South Carolina state agencies in developing and improving information security programs.
• Perform governance, risk, and compliance (GRC) assessments across multiple agencies.
• Conduct interviews with business leaders, technical staff, and third-party stakeholders to document security processes and procedures.
• Develop, review, and maintain security implementation plans and monitor agency progress.
• Evaluate agency documentation for compliance with state security policies and regulatory requirements.
• Perform high-level assessments of agency security programs and provide recommendations for improvement.
• Develop formal documentation, procedures, and security artifacts.
• Analyze business processes and recommend process improvements.
• Manage multiple concurrent security initiatives while meeting project deadlines.
• Collaborate with state agencies to ensure compliance with statewide information security standards.

Required Qualifications

• Bachelor's degree (completed and verifiable)
• 10+ years of Information Security and Compliance experience
• 2+ years conducting security audits or serving as an Information System Security Officer (ISSO)
• 2+ years of hands-on experience with NIST 800-53
• Experience developing or managing POA&M (Plan of Action & Milestones) or Corrective Action Plans (CAP)
• 3+ years using a Governance, Risk, and Compliance (GRC) platform such as RSA Archer or similar
• Strong written and verbal communication skills
• Experience documenting security processes, procedures, and compliance activities
• Ability to manage multiple security initiatives simultaneously
• Strong analytical, organizational, and stakeholder management skills

Preferred Qualifications

• Experience developing Information Security Plans (ISPs) or System Security Plans (SSPs)
• Knowledge of: IRS Publication 1075, HIPAA, CJIS, MARS-E, PCI-DSS
• Government or public-sector information security experience
• Experience supporting statewide or enterprise security programs
• Professional certifications such as: CISA, GSLC, Equivalent cybersecurity certification

Desired Skills

• Governance, Risk & Compliance (GRC)
• NIST 800-53
• Information Security Assessments
• Security Auditing
• Risk Assessments
• POA&M Development
• Compliance Management
• Security Documentation
• Security Program Implementation
• Business Process Analysis
• Process Improvement
• Security Policies & Procedures
• Stakeholder Engagement
• Archer (or equivalent GRC platform)
• Project Coordination

Work Environment

• Fully remote position with preference for candidates who can attend onsite meetings in Columbia, SC as needed.
• Virtual interviews; local candidates are preferred.
• State-issued VPN access will be provided.
• Background investigation and CJIS certification are required after hire.