Senior Information Systems Security Officer (W2)

The Senior ISSO will report directly to the Security Risk and Compliance Manager within the Office of Cybersecurity (OCS) and act as a seasoned cybersecurity consultant.

This role will involve advising SCDHHS leadership, business units, business partners, and vendors on matters related to cybersecurity and compliance.

Key Responsibilities :

Security Program Experience :

Demonstrated leadership experience with CMS MARS-E or other FISMA Risk Management Framework (RMF) compliant programs is strongly preferred.

Success in developing and maintaining System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), and Computer Matching Agreements (CMAs), as well as conducting associated interviews and audits / assessments, will be highly valued.

• Experience integrating RMF / A&A tasks and artifacts into the System Development Life Cycle (SDLC) in RMF-related roles such as ISSO, Information Security Architect, or Security Control Assessor is ideal.
• Experience in security as it relates to Cloud services and vendor management is desirable

Technical Knowledge :

Hands-on experience with any of the following technologies will be considered a strong advantage :

• RSA Archer
• Enterprise NoSQL Databases
• IBM System 390 / zSeries
• Linux and Windows Servers
• Network Firewalls, Intrusion Prevention Systems (IPS), Switching and Routing Infrastructure
• Security Information and Event Management (SIEM) solutions
• Identity and Access Management (IAM) solutions

General Duties and Responsibilities :

• Conduct detailed architectural reviews and risk analysis of security-related requests to make informed recommendations, including :
• Network Design and Information Flow
• System and Data Access Models
• Review of Firewall Rule Requests (Ports, Protocols, and Services)
• Baseline Configuration Management Deviation Requests
• Vulnerability Management
• Lead efforts in the design, development, implementation, and ongoing enhancement of SCDHHS security and compliance initiatives.
• Audit and assess internal agency systems and business partner / service provider information system security controls.
• Utilize tools such as Microsoft Office, System Center Service Manager (Ticketing system), RSA Archer eGRC system, Bizagi, Atlassian, and others to document and report findings from audit, assessment, and OCS activities.
• Perform security and compliance reviews of various documents, including Contracts, Business Associate Agreements, and Data Usage / Sharing Agreements.
• Serve as the primary point of contact for third-party audits and assessments of both agency and business partner systems.
• Collaborate with agency leadership, business partners, and stakeholders to recommend strategies for security and compliance risk mitigation.

Required Knowledge / Skills :

• In-depth knowledge of FISMA, NIST, CMS MARS-E, and HIPAA Security and Privacy standards.
• 5+ years of experience in IT, particularly in auditing and working with IBM System 390 / zSeries, Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure, and Web-based Applications.
• Previous experience in working within a FISMA-compliant program.
• Familiarity with eGRC systems.
• Experience in Health Information Technology is a plus.
• Certifications such as ISC(2), ISACA, SANS GIAC, or other Information Security certifications are required.
• Ability to work both independently and as part of a team.
• Strong collaboration skills for working with multiple teams and vendors.
• Ability to multitask and prioritize effectively to meet deadlines.
• Experience with eGRC solutions.
• Ability to communicate complex technical information to both technical and non-technical stakeholders.
• Proficiency in Microsoft Office products (Word, Excel, PowerPoint, Visio), including working with templates and style guidelines for branding consistency.
• Exceptional attention to detail while maintaining a broader strategic perspective.
• Ability to adapt to change and receive constructive feedback with a flexible attitude when interacting with leadership and teams of varying technical expertise.

Preferred Requirements / Skills :

• BS in Computer Science or related discipline.
• ITIL experience in the realm of Information Security Management.

Required Skills (Ranked by Importance) :

• 5+ years of experience in IT, specifically auditing and working with IBM System 390 / zSeries, Windows, Linux, Databases (Relational and Non-Relational), Networking Infrastructure, and Web-based Applications.
• Experience in FISMA-compliant programs.
• Experience with eGRC systems.
• Health Information Technology experience.

Preferred Skills (Ranked by Importance) :

ITIL experience in Information Security Management.

Required Education / Certifications :

ISC(2), ISACA, SANS GIAC, or other Information Security certifications are required.

Preferred Education / Certifications :

Bachelor’s degree in a related field, or 10+ years of experience in a related area.

Additional Skills :

• Information Security Compliance Standards : Advanced (2-4 years)
• Cybersecurity : Advanced (6+ years)
• FISMA : Advanced (2-4 years)
• HIPAA Security : Advanced (4-6 years)
• MARS-E : Advanced (2-4 years)
• eGRC Solutions : Intermediate (1-2 years)
• NIST Security : Intermediate (6+ years)
19 hours ago