Description
Title: Security Risk Analyst II
Location: Columbia, SC
Job Type: Contract
Daily Responsibilities:
- Plan/perform compliance and risk assessment activities for information systems and related processes.
- Analyze and trend compliance data from security scans.
- Ensure regulatory and policy compliance for confidentiality, integrity and availability of network assets.
- Communicate and escalate compliance and risk issues to the appropriate department and/or level of management.
- Interface with SSOs to gather and document security requirements.
- Provide guidance to functional teams with the interpretation, development, implementation, monitoring, and reporting of control processes, documentation, and compliance routines.
- Conduct procedural and operational review of processes and systems against corporate, Government, and internal compliance standards.
- Act as the representative for security incident investigations and risk assessment activities conducted by internal and external areas.
- Evaluate technology and business-related controls for integrating business and information system security and risk mitigation efforts.
- Perform vendor security evaluations. Coordinate and validate business risk justification documents for government programs.
Technical Background:
- Ideal candidate will hold a security certification such as CISA, CISM, or CISSP.
- Experience with compliance programs within a government agency (e.g., Medicare, Tricare) is preferred.
- Experienced with vulnerability and configuration management and regulatory/contractual configuration items.
- Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
- Strong knowledge of compliance programs and regulations including HIPAA, FISMA, PCI, NAIC MAR, etc.
- Excel expert with the ability to analyze, trend and forecast from high volumes of data. Excellent verbal and written communication skills.
- Recognizes the vital role of customer service. Proficient with MS Word.
- Any experience with Visio or PowerPoint a plus. Any experience with DoD security is a plus.
- An understanding of vulnerability and configuration scanning/remediation of assets using automated tools (e.g., Nessus, Tripwire CCM, SolarWinds, etc.) is beneficial.
- Must have the ability to work on complex enterprise level projects as a security subject matter expert.
- Must display excellent communication and interpersonal skills.
- Proficient with Excel and able to analyze, trend and forecast high volumes of compliance data.