Search for More Jobs
Forward this job to a friend
Apply by email without Registering
Apply by creating/using account
Please enter your registered email address, and we'll email you a link to reset your password right away.
Client: Department of Health and Human Services
Location: Columbia, SC
Duration: 12 Months
POSITION: Information Assurance Analyst (Consultant)
SCOPE OF THE PROJECT:
The SCDHHS Office of Information Assurance (OIA) is charged with ensuring the security and compliance of SCDHHS' information systems and data. OIA seeks experienced consultants to assist with the establishment, implementation, and/or enhancement of information system security and compliance efforts based on Federal, State, and Agency regulatory requirements, policies, standards, and guidelines.
The IA Analyst will report to the Office of Information Assurance and operate as an experienced information assurance consultant to SCDHHS leadership, business units, business partners, vendors, and other stakeholders.
Security Program Experience:
Demonstrated work experience and high degree of familiarity with FISMA or NIST Risk Management Framework-based programs is required. Experience and knowledge of MARS-E is preferred.
This experience should include documented success in the creation and maintenance of Risk Management Framework (RMF) and Assessment and Authorization (A&A) artifacts such as System Security Plans, Privacy Impact Assessments, Interconnection Security Agreements, Computer Matching Agreements, and Plans of Action and Milestones. Such experience will necessarily require excellent communication skills with the ability to interview staff and vendors, to review and analyze existing documentation and diagrams, and to create or collect other required supporting documents as appropriate.
Experience with integrating RMF and A&A tasks into the System Development Life Cycle (SDLC) is preferred.
Experience in security as related to Cloud services and vendor management is desirable for this position.
Although this is not a technical position, suitable candidates will have a good working knowledge of a broad range of information technologies such as IBM System 390/zSeries, Linux and Windows servers, database management systems, firewalls, IPS solutions, switching and routing infrastructure, data types and data classifications, and related information technologies and concepts.
General Duties and Responsibilities:
1. Assist in the development, implementation, and/or ongoing maturation of SCDHHS security and compliance initiatives.
2. Audit and assess internal agency systems as well as business partner, service provider, and vendor information system security controls.
3. Utilize the Microsoft Office software suite, eGRC system, Bizagi, Atlassian, and other products to document and report on information gathered during audit and assessment activities or other OIA efforts.
4. Participate in third-party audits and/or assessments of agency and business partner systems.
5. Collaborate with agency leadership, business partners, and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.
REQUIRED CERTIFICATION: ISC(2), ISACA, SANS GIAC, or other similar Information Security Certification is required.
EDUCATION PREFERRED: Bachelor's degree in computer science or similar discipline is preferred.
Apply by creating/using account