CL - Security Analyst - Consultant
Ref No.: 17-00213
Location: Columbia, South Carolina
Client: Department of Health and Human Services
Location: Columbia, SC
Duration: 12 Months
Comments:
:::::Important Notes -- Please read before submitting candidates:::::

1 - Candidates are expected to work primarily onsite for the duration of the engagement. Remote work will be approved based upon the manager's discretion. Up to 20% offsite work is possible depending on workload, required meeting attendance, and the quality and timeliness of the work product. (20% of a 40-hour workweek is 8 hours.) We will give preference to candidates with the ability to be onsite within 4 hours during standard business hours.

2 - Resumes should be the work and words of the candidate in order to accurately reflect the candidate's written communication skills.

3 - Candidates with resumes over 5 letter-sized pages will be considered after all other candidates. Shorter resumes which are tailored to show how the candidate's experience directly maps to our needs will result in a greater chance of an interview.


Job Description:
POSITION: Information Assurance Analyst (Consultant)

SCOPE OF THE PROJECT:

The SCDHHS Office of Information Assurance (OIA) is charged with ensuring the security and compliance of SCDHHS' information systems and data. OIA seeks experienced consultants to assist with the establishment, implementation, and/or enhancement of information system security and compliance efforts based on Federal, State, and Agency regulatory requirements, policies, standards, and guidelines.

Role Summary/Purpose

Overview:

The IA Analyst will report to the Office of Information Assurance and operate as an experienced information assurance consultant to SCDHHS leadership, business units, business partners, vendors, and other stakeholders.

Security Program Experience:

Demonstrated work experience with, and a high degree of familiarity with, FISMA or NIST Risk Management Framework-based programs are required. Experience and knowledge of MARS-E is preferred.

This experience should include documented success in the creation and maintenance of Risk Management Framework (RMF) and Assessment and Authorization (A&A) artifacts such as System Security Plans, Privacy Impact Assessments, Interconnection Security Agreements, Computer Matching Agreements, and Plans of Action and Milestones. Such experience will necessarily require excellent communication skills with the ability to interview staff and vendors, to review and analyze existing documentation and diagrams, and to create or collect other required supporting documents as appropriate.

Experience with integrating RMF and A&A tasks into the System Development Life Cycle (SDLC) is preferred.

Experience in security as related to Cloud services and vendor management is desirable for this position.

Technical Knowledge:

Although this is not a technical position, suitable candidates will have a good working knowledge of a broad range of information technologies such as IBM System 390/zSeries, Linux and Windows servers, database management systems, firewalls, IPS solutions, switching and routing infrastructure, data types and data classifications, and related information technologies and concepts.

General Duties and Responsibilities:

1. Assist in the development, implementation, and/or ongoing maturation of SCDHHS security and compliance initiatives.
2. Audit and assess internal agency systems as well as business partner, service provider, and vendor information system security controls.
3. Utilize the Microsoft Office software suite, eGRC system, Bizagi, Atlassian, and other products to document and report on information gathered during audit and assessment activities or other OIA efforts.
4. Participate in third-party audits and/or assessments of agency and business partner systems.
5. Collaborate with agency leadership, business partners, and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.

REQUIRED CERTIFICATION: ISC(2), ISACA, SANS GIAC, or other similar Information Security Certification is required.

EDUCATION PREFERRED: Bachelor's degree in computer science or similar discipline is preferred.



Skills:

| Category | Name | Required | Importance | Level | Last Used | Experience |
|---|---|---|---|---|---|---|
| Administrative | Verbal Communication Skills | Yes | 1 | Lead | Currently Using | 4 - 6 Years |
| Administrative | Written Communication Skills | Yes | 1 | Lead | Currently Using | 4 - 6 Years |
| Education | Technical Certifications | Yes | 1 | | | |
| Education | College Degree | No | 1 | | | |
| Miscellaneous | Ability to analyze and document business and system processes using various methods and tools | Yes | 1 | Expert | | 4 - 6 Years |
| Miscellaneous | Ability to develop, communicate and present project documentation and reports | Yes | 1 | Expert | | 4 - 6 Years |
| Miscellaneous | Knowledge of information technology field, best practices, organization and operations | Yes | 1 | Advanced | | 4 - 6 Years |
| MMIS - Medicaid Management Information System | HIPAA - The Health Insurance Portability and Accountability Act of 1996 | Yes | 1 | | | |
| MMIS - Medicaid Management Information System | CMS | No | 1 | | | |
| MMIS - Medicaid Management Information System | Medicaid | No | 1 | | | |
| Network Security | Federal Information Security Management Act (FISMA) | Yes | 1 | | | |
| Network Security | Information security principles and practices | Yes | 1 | Expert | | |
| Network Security | National Institute of Standards and Technology controls | Yes | 1 | Expert | | |
| Network Security | MARS-E | No | 1 | | | |
| Network Security | Risk/vulnerability assessments | No | 1 | | | |
| Network Security | SSP | No | 1 | | | |
| Network Security | Writing Plan of Action and Milestones (POA&M) | No | 1 | | | |
| Packaged Applications | MS Office (Word, Excel, PowerPoint, Visio) | Yes | 1 | Expert | | |
| Packaged Applications | Working with templates and style guidelines for branding consistency | Yes | 1 | Advanced | | |
| Specialties | Experience in developing and maintaining documentation for policies, procedures, and best practices | Yes | 1 | Expert | | |
| Specialties | Public Sector | Yes | 1 | | | |
| Specialties | eGRC solutions | No | 1 | | | |

Required Knowledge/Skills:

1. Strong working knowledge of FISMA, NIST, and HIPAA Security and Privacy requirements, standards, and guidelines.
2. 5+ years of experience working in the Information Technology field or auditing Information Technology systems or programs.
3. ISC(2), ISACA, SANS GIAC, or other similar Information Security Certification is required.
4. Documented experience in the creation and maintenance of Risk Management Framework (RMF) and Assessment and Authorization (A&A) artifacts such as System Security Plans, Privacy Impact Assessments, Interconnection Security Agreements, Computer Matching Agreements, and Plans of Action and Milestones.
5. Ability to work independently and as a member of a team.
6. Ability to multitask and prioritize tasks effectively in order to meet deadlines.
7. Ability to engage diverse audiences of varying technical and non-technical skill levels to ensure effective alignment of technical requirements to business objectives.
8. Ability to collaborate and coordinate efforts among multiple teams and vendors.
9. Must have intermediate to advanced skills in Microsoft Office products (Word, Excel, PowerPoint, Visio) to include working with templates and style guidelines for branding consistency.
10. Keen attention to detail while maintaining the ability to see the big picture.
11. Ability to absorb, retain, and communicate complex processes.
12. Strong English language skills.
13. Demonstrable understanding of the rules of English grammar and usage.
14. Ability to accept changes and constructive criticism and to remain flexible in dealing with leadership and teams of varying technical and business knowledge.

Preferred Requirements/Skills:
1. Bachelor's degree in computer science or similar discipline.
2. Strong working knowledge of CMS MARS-E compliance requirements.
3. Prior experience working with an organization subject to CMS MARS-E requirements.
4. Experience and training with eGRC solutions.
5. Prior Health Information Technology experience.
6. Previous Medicaid experience.
7. Understanding of LEAN and Agile development practices.