SCOPE OF THE PROJECT:
The SCDHHS Office of Information Assurance (OIA) is charged with ensuring the security and compliance of SCDHHS’ information systems and data. OIA seeks experienced consultants to assist with the establishment, implementation, and/or enhancement of information system security and compliance efforts based on Federal, State, and Agency regulatory requirements, policies, standards, and guidelines.
Role Summary/Purpose
Overview:
The IA Analyst will report to the Office of Information Assurance and operate as an experienced information assurance consultant to SCDHHS leadership, business units, business partners, vendors, and other stakeholders.
Security Program Experience:
Demonstrated work experience and a high degree of familiarity with FISMA or NIST Risk Management Framework-based programs are required. Experience with and knowledge of MARS-E are preferred.
This experience should include documented success in the creation and maintenance of Risk Management Framework (RMF) and Assessment and Authorization (A&A) artifacts such as System Security Plans, Privacy Impact Assessments, Interconnection Security Agreements, Computer Matching Agreements, and Plans of Action and Milestones. Such experience will necessarily require excellent communication skills with the ability to interview staff and vendors, to review and analyze existing documentation and diagrams, and to create or collect other required supporting documents as appropriate.
Experience with integrating RMF and A&A tasks into the System Development Life Cycle (SDLC) is preferred.
Experience in security as related to cloud services and vendor management is desirable for this position.
Technical Knowledge:
Although this is not a technical position, suitable candidates will have a good working knowledge of a broad range of information technologies such as IBM System 390/zSeries, Linux and Windows servers, database management systems, firewalls, IPS solutions, switching and routing infrastructure, data types and data classifications, and related information technologies and concepts.
General Duties and Responsibilities:
1. Assist in the development, implementation, and/or ongoing maturation of SCDHHS security and compliance initiatives.
2. Audit and assess internal agency systems as well as business partner, service provider, and vendor information system security controls.
3. Utilize the Microsoft Office software suite, eGRC system, Bizagi, Atlassian, and other products to document and report on information gathered during audit and assessment activities or other OIA efforts.
4. Participate in third-party audits and/or assessments of agency and business partner systems.
5. Collaborate with agency leadership, business partners, and other parties/stakeholders to provide recommendations for security and compliance risk mitigation efforts.
REQUIRED CERTIFICATION: ISC(2), ISACA, SANS GIAC, or other similar Information Security Certification is required.
EDUCATION PREFERRED: Bachelor’s degree in computer science or similar discipline is preferred.
1. Strong working knowledge of FISMA, NIST, and HIPAA Security and Privacy requirements, standards, and guidelines.
2. 5+ years of experience working in the Information Technology field or auditing Information Technology systems or programs.
3. ISC(2), ISACA, SANS GIAC, or other similar Information Security Certification is required.
4. Documented experience in the creation and maintenance of Risk Management Framework (RMF) and Assessment and Authorization (A&A) artifacts such as System Security Plans, Privacy Impact Assessments, Interconnection Security Agreements, Computer Matching Agreements, and Plans of Action and Milestones.
5. Ability to work independently and as a member of a team.
6. Ability to multitask and prioritize tasks effectively in order to meet deadlines.
7. Ability to engage diverse audiences of varying technical and non-technical skill levels to ensure effective alignment of technical requirements to business objectives.
8. Ability to collaborate and coordinate efforts among multiple teams and vendors.
9. Must have intermediate to advanced skills in Microsoft Office products (Word, Excel, PowerPoint, Visio) to include working with templates and style guidelines for branding consistency.
10. Keen attention to detail while maintaining the ability to see the big picture.
11. Ability to absorb, retain, and communicate complex processes.
12. Strong English language skills.
13. Demonstrable understanding of the rules of English grammar and usage.
14. Ability to accept changes and constructive criticism and to remain flexible in dealing with leadership and teams of varying technical and business knowledge.
Preferred Requirements/Skills:
1. Bachelor’s degree in computer science or similar discipline.
2. Strong working knowledge of CMS MARS-E compliance requirements.
3. Prior experience working with an organization subject to CMS MARS-E requirements.
4. Experience and training with eGRC solutions.
5. Prior Health Information Technology experience.
6. Previous Medicaid experience.
7. Understanding of LEAN and Agile development practices.