Work Location: Onsite – Columbia, SC
Duration: 12 Months
We are seeking a Senior Information Systems Security Officer (ISSO) to support the security and compliance operations of a large, complex enterprise environment. This role will act as a trusted cybersecurity consultant, providing leadership and hands-on support for day-to-day information system security and compliance activities aligned with federal, state, and industry regulatory requirements.
The ideal candidate will lead and enhance security governance efforts, ensure regulatory compliance, and integrate security controls throughout the system development lifecycle (SDLC) while collaborating with technical teams, leadership, business partners, and vendors.
Serve as a senior cybersecurity consultant to executive leadership, internal business units, and external partners
Lead and actively participate in security and compliance activities across complex information systems
Establish, implement, and enhance security and compliance programs aligned with federal and industry standards
Oversee and contribute to the development and maintenance of RMF/A&A artifacts, including:
    System Security Plans (SSPs)
    Privacy Impact Assessments (PIAs)
    Interconnection Security Agreements (ISAs)
    Computer Matching Agreements (CMAs)
Integrate RMF/A&A processes into the System Development Life Cycle (SDLC)
Perform detailed architectural reviews and risk analyses related to:
    Network design and information flow
    System and data access models
    Firewall rule requests (ports, protocols, services)
    Configuration management deviations
    Vulnerability management
Conduct internal audits and assessments of information systems and third-party environments
Serve as the primary point of contact for third-party audits and security assessments
Review contracts, data-sharing agreements, and related documentation for security and compliance risks
Provide actionable recommendations for risk mitigation and security improvements
Document findings, assessments, and recommendations using enterprise tools and reporting platforms
eGRC platforms (e.g., Archer or similar tools)
Enterprise databases (relational and non-relational)
Mainframe environments (e.g., IBM zSeries/System 390)
Linux and Windows server environments
Network security technologies (firewalls, IPS, switching, routing)
SIEM solutions
Identity and Access Management (IAM) systems
Cloud services and vendor security management
5+ years of IT experience working with and/or auditing enterprise systems, including servers, databases, networking infrastructure, and web-based applications
Prior experience working within a FISMA-compliant program
Demonstrated experience with Risk Management Framework (RMF) and Assessment & Authorization (A&A) activities
Prior experience with eGRC tools
Strong working knowledge of:
    FISMA
    NIST standards
    CMS MARS-E
    HIPAA Security and Privacy requirements
Experience collaborating across multiple teams and vendors in complex environments
One or more active Information Security certifications, such as:
    ISC(2)
    ISACA
    SANS GIAC
    Or equivalent industry-recognized certification
Bachelor’s degree in a related field or 10+ years of relevant professional experience
Prior experience in healthcare or regulated industry environments
Prior ITIL experience related to Information Security Management
Strong analytical and risk assessment skills
Ability to communicate complex technical concepts to both technical and non-technical audiences
Excellent documentation and reporting skills
Intermediate to advanced proficiency in Microsoft Office (Word, Excel, PowerPoint, Visio)
Ability to work independently and collaboratively in a fast-paced environment
Strong organizational, prioritization, and multitasking abilities
High attention to detail with the ability to maintain a strategic, big-picture perspective
Flexible and adaptable mindset with openness to feedback and change