Job Description

Project Overview

The Security Analyst Consultant will support the organization s Information Security and Compliance program. This role functions as a Senior Information System Security Officer (ISSO), responsible for leading and participating in day-to-day security and compliance activities across complex information system environments. The consultant will ensure alignment with State/Agency security policies and federal regulatory frameworks such as FISMA , NIST , CMS MARS-E , and HIPAA .

• Report to the ISSO Team Lead and operate as an experienced cybersecurity consultant for leadership, business units, partners, and vendors.
• Support and enhance the organization s Security and Compliance Program across multiple platforms and environments.

• Lead and contribute to RMF-compliant security program activities, especially for CMS MARS-E or similar frameworks.
• Develop and maintain System Security Plans (SSPs) , Privacy Impact Assessments (PIAs) , Interconnection Security Agreements (ISAs) , Computer Matching Agreements (CMAs) , and related RMF artifacts.
• Support audit and assessment activities by conducting interviews, collecting evidence, and validating controls.
• Integrate RMF activities into the System Development Life Cycle (SDLC).
• Provide guidance on cloud security practices and vendor management.

Hands-on experience with any of the following is highly beneficial:

• Archer (eGRC)
• Enterprise NoSQL Databases
• IBM System 390/zSeries
• Linux and Windows servers
• Network Firewalls, IPS, Switching, Routing
• SIEM platforms
• Identity and Access Management (IAM) solutions

• Conduct architectural security reviews and risk assessments, including:
• Network design & data flow
• Access models
• Firewall rule evaluations
• Configuration deviation requests
• Vulnerability management

• Lead and support the development and improvement of security and compliance programs.
• Conduct audits and assessments of internal systems and partner environments.
• Use tools such as Microsoft Office, ticketing systems, eGRC platforms, Bizagi, and Atlassian for documentation and reporting.
• Review and provide input on contracts, Business Associate Agreements, data sharing agreements, and related artifacts.
• Serve as a primary contact for third-party audits or assessments.
• Provide recommendations to leadership and business partners for security and compliance improvements.

• Strong working knowledge of FISMA , NIST , CMS MARS-E , and HIPAA security and privacy requirements.
• 5+ years IT experience working with and/or auditing:
• IBM System 390/zSeries
• Windows & Linux
• Relational and NoSQL databases
• Network infrastructure
• Web applications

• Prior experience in FISMA/NIST-compliant environments.
• Experience with eGRC systems.
• Prior experience in Health IT environments.
• One or more required security certifications: ISC(2), ISACA, SANS GIAC , or equivalent.
• Strong collaboration and communication skills with technical and non-technical audiences.
• Ability to manage multiple priorities, meet deadlines, and work both independently and in a team environment.
• Proficiency in Microsoft Office (Word, Excel, PowerPoint, Visio).
• High attention to detail and ability to understand complex processes.
• Ability to adapt to feedback and work effectively with diverse stakeholder groups.

• Bachelor s degree in Computer Science or related field, or 10+ years of relevant experience.
• 3 5+ years of risk management experience.
• Prior ITIL experience in Information Security Management.

Job Tags

Similar Jobs