Job Description

Job Summary: 

The Senior Information System Security Officer (ISSO) Consultant role involves leading security, risk, and compliance activities for large-scale information systems. The consultant will implement and maintain security and compliance programs aligned with regulatory standards, advise stakeholders on cybersecurity risk management, and serve as a primary point of contact for audits and assessments.

Location:

- Columbia, South Carolina, United States

- Washington, District of Columbia, United States

Responsibilities:


- Lead and support security and compliance initiatives aligned with FISMA, NIST, CMS MARS-E, and HIPAA.

- Develop, maintain, and review RMF/A&A artifacts including SSPs, PIAs, ISAs, and related documentation.

- Integrate security controls and compliance activities into the System Development Life Cycle (SDLC).

- Perform security architecture reviews, risk assessments, and vulnerability evaluations.

- Review firewall rules, access models, data flows, and configuration deviation requests.

- Conduct audits and assessments of internal systems and third-party vendors.

- Serve as primary point of contact for third-party audits and assessments.

- Review contracts and data-sharing agreements for security and compliance requirements.

- Provide risk mitigation recommendations to leadership and stakeholders.

- Document findings and reports using standard enterprise tools.

Required Skills & Certifications:


- 5+ years of IT security experience working with or auditing Windows and Linux systems, databases, networking, and web-based applications.

- Prior experience working within a FISMA-compliant program.

- Experience with eGRC platforms.

- Strong working knowledge of NIST, FISMA, HIPAA, and CMS MARS-E.

- Ability to work independently and collaboratively in a consulting environment.

- One or more active security certifications such as ISC², ISACA, or SANS GIAC.

- Bachelor’s degree in a related field or equivalent professional experience.

Preferred Skills & Certifications:


- Experience with cloud security and vendor risk management.

- Familiarity with SIEM, IAM, firewalls, and intrusion prevention systems.

- ITIL experience related to Information Security Management.

- Prior healthcare or public-sector IT experience.

Special Considerations:


- In-person interviews are required.

Scheduling:

- Not specified.
