Security Analyst

Overview

The Senior ISSO will report to the ISSO Team Lead within OCS and serve as an experienced cybersecurity consultant to SCDHHS leadership, business units, business partners, and vendors.

Security Program & Compliance

• Provide leadership within FISMA/RMF-compliant programs, with strong preference for experience in:
• CMS MARS-E
• ARC-AMPE
• Develop, maintain, and assess RMF/A&A artifacts including:
• System Security Plans (SSPs)
• Privacy Impact Assessments (PIAs)
• Interconnection Security Agreements (ISAs)
• Computer Matching Agreements (CMAs)
• Conduct interviews, audits, and assessments to validate compliance artifacts.
• Integrate RMF/A&A activities into the System Development Life Cycle (SDLC).
• Support cloud security governance and vendor security management efforts.

Technical & Architectural Reviews

• Perform detailed architectural reviews and risk analyses, including:
• Network design and information flow
• System and data access models
• Firewall rule reviews (ports, protocols, services)
• Configuration deviation requests
• Vulnerability management reviews

Audit, Risk & Governance

• Champion security and compliance initiatives across SCDHHS.
• Audit and assess internal systems and third-party/vendor environments.
• Serve as primary point of contact for third-party audits and assessments.
• Review and assess:
• Contracts
• Business Associate Agreements (BAAs)
• Data usage and data-sharing agreements
• Provide security risk mitigation recommendations to leadership and stakeholders.

Documentation & Reporting

• Document findings using tools such as:
• Microsoft Office (Word, Excel, PowerPoint, Visio)
• System Center Service Manager (ticketing)
• Archer eGRC
• Bizagi
• Atlassian products
• Produce clear, compliant audit and assessment documentation following branding and style guidelines.

Technical Knowledge (Preferred)

• Hands-on experience with one or more of the following:
• Archer (eGRC)
• Enterprise No
  
  SQL databases
• IBM System 390 / zSeries
• Linux and Windows servers
• Network firewalls, IPS, switching and routing
• SIEM solutions
• Identity and Access Management (IAM) solutions

Required Skills (Ranked)

• 5+ years of IT experience working with and/or auditing:
• IBM System 390/zSeries
• Windows and Linux systems
• Relational and non-relational databases
• Networking infrastructure
• Web-based applications

• Prior experience working within a FISMA-compliant program
• Experience using eGRC systems

Preferred Skills

• ITIL experience in Information Security Management
• Prior Health Information Technology experience

Required Education & Certifications

• One or more Information Security certifications:
• ISC2
• ISACA
• SANS GIAC
• Or equivalent

Preferred Education

• Bachelor's degree in Computer Science or a related field OR
• 10+ years of relevant professional experience

Core Competencies

• Strong knowledge of FISMA, NIST, CMS MARS-E, and HIPAA
• Ability to work independently and collaboratively
• Strong multitasking and prioritization skills
• Effective communication with technical and non-technical audiences
• High attention to detail with strong big-picture awareness
• Adaptability to change and constructive feedback