IT - SCDHHS - Security Analyst - Consultant at Sunshine Enterprise USA LLC – Columbia, South Carolina
About This Position
About Sunshine Enterprise USA LLC
We strive to be the premier national business solution for our clients, associates and business partners.
Connecting Great Companies with Great People
Founded on the principle that the right person in the right role can change everything, SEU-USA is more than just a staffing agency. Consequently, we are a strategic partner dedicated to building the powerful workforces that drive business success across the USA.
Job Title: Security Analyst
Location: Columbia, SC Hybrid (4 days in office, 1 day remote).
Position Type: C2C/W2
Years of Experience: 08+ years
Duration of the Contract: 12 months
Interview Process: 2 rounds, Virtual & In Person
Candidate Location: Candidate MUST be a SC resident or willing to relocate to SC prior to starting the role at their own expense.
Project Scope:
We are seeking an experienced Senior Information System Security Officer (ISSO) to support enterprise-level cybersecurity and compliance initiatives within a large, complex information systems environment. This role requires hands-on leadership in security governance, risk management, and regulatory compliance aligned with federal and state standards.
The Security Analyst (Senior ISSO) will actively participate in day-to-day security operations, oversee compliance activities, and serve as a trusted cybersecurity advisor to leadership, internal teams, vendors, and business partners.
Key Responsibilities:
Security Program & Compliance Leadership
· Lead and support FISMA Risk Management Framework (RMF) compliant security programs, including CMS MARS-E and similar frameworks.
· Develop, maintain, and validate security documentation such as:
    o System Security Plans (SSPs)
    o Privacy Impact Assessments (PIAs)
    o Interconnection Security Agreements (ISAs)
    o Computer Matching Agreements (CMAs)
· Integrate RMF and Assessment & Authorization (A&A) activities into the System Development Life Cycle (SDLC).
· Serve as the primary point of contact for third-party audits and security assessments.
Risk Management & Architecture Reviews
· Perform detailed architectural and risk reviews, including:
    o Network design and information flow
    o System and data access models
    o Firewall rule requests (ports, protocols, services)
    o Configuration baseline deviation requests
    o Vulnerability management findings
· Provide sound risk-based recommendations to stakeholders.
Audit, Assessment & Vendor Oversight
· Audit and assess internal systems and external business partner or vendor security controls.
· Conduct security and compliance reviews of:
    o Contracts
    o Business Associate Agreements (BAAs)
    o Data Sharing and Usage Agreements
· Collaborate with vendors and multiple internal teams to ensure compliance with security initiatives.
Tools & Documentation
· Utilize tools such as:
    o Archer (eGRC)
    o Service management/ticketing systems
    o Microsoft Office Suite (Word, Excel, PowerPoint, Visio)
    o Atlassian, Bizagi, and other workflow/documentation platforms
· Produce clear, accurate audit and assessment reports aligned with organizational standards.
Required Skills & Experience:
Hands-on experience with the following technologies is highly desirable:
- Archer or other eGRC platforms
- IBM System 390/zSeries
- Linux and Windows Servers
- Relational and NoSQL databases
- Network firewalls, IPS, routing, and switching infrastructure
- SIEM solutions
- Identity and Access Management (IAM) systems
- Cloud security and vendor management environments
Required Qualifications:
5+ years of experience in IT security, infrastructure, or system auditing
Prior experience working within a FISMA-compliant environment
Experience with eGRC tools
Strong working knowledge of:
- FISMA
- NIST
- CMS MARS-E
- HIPAA Security & Privacy rules
Ability to work independently and collaboratively in a fast-paced environment
Strong communication skills with both technical and non-technical stakeholders
Intermediate to advanced proficiency in Microsoft Office tools
Certification:
ISC2, ISACA, SANS GIAC, and/or other information security certification is required.