Information Security Consultant

Job Profile: Information Security Consultant

Client: State of South Carolina

Department: South Carolina Department of Health and Human Services (SCDHHS) – Office of Cybersecurity (OCS)

Position Type: Contract | Public Sector / Government

Work Location: Fully Onsite – 5 Days a Week

Job Location: Jefferson Square / 1801 Main Street, Columbia, SC 29201

Duration: 12 + Months

Position Overview

The Senior Information System Security Officer (ISSO) will lead Security, Risk, and Compliance initiatives supporting new and existing cybersecurity programs at SCDHHS, South Carolina’s Medicaid agency.

This role requires deep expertise in FISMA, NIST, CMS MARS-E, and HIPAA, and the ability to work independently while collaborating with leadership, business units, vendors, and external stakeholders.

This is a new role, created to support increased cybersecurity and compliance initiatives.

Why Join This Team

• Work on mission-critical Medicaid systems
• Exposure to complex, large-scale government cybersecurity programs
• Highly collaborative environment with motivated professionals
• Opportunity to lead and shape enterprise security and compliance initiatives
• High-impact, change-oriented projects with minimal supervision

Scope of the Project

The Office of Cybersecurity (OCS) is responsible for the security and compliance of all SCDHHS systems and data. The Senior ISSO will oversee and actively participate in daily security and compliance operations across complex IT environments and lead RMF-based initiatives aligned with federal, state, and agency standards.

Key Responsibilities

• Security Program & RMF Leadership
• Lead and support FISMA / RMF-compliant programs (CMS MARS-E, ARC-AMPE preferred)
• Develop and maintain RMF artifacts, including:
• System Security Plans (SSPs)
• Privacy Impact Assessments (PIAs)
• Interconnection Security Agreements (ISAs)
• Computer Matching Agreements (CMAs)
• Integrate RMF and A&A activities into the System Development Life Cycle (SDLC)
• Serve as a cybersecurity consultant to leadership and stakeholders

Technical & Architectural Responsibilities

Perform architectural reviews and security risk analyses for:

• Network design and information flow
• System and data access models
• Firewall rules (ports, protocols, services)
• Configuration deviation requests
• Vulnerability management

Audit internal systems and third-party/vendor security controls

Act as primary contact for third-party audits and assessments

Tools & Technologies (Hands-on Experience Preferred)

• Archer (eGRC)
• IBM System 390/zSeries
• Linux and Windows Servers
• Enterprise Relational & NoSQL Databases
• Network Firewalls, IPS, Switching & Routing
• SIEM solutions
• Identity & Access Management (IAM)
• Microsoft Office (Word, Excel, PowerPoint, Visio)
• System Center Service Manager
• Atlassian, Bizagi

Governance & Compliance

Review security requirements for:

• Contracts
• Business Associate Agreements (BAAs)
• Data Usage & Sharing Agreements

Ensure compliance with:

• FISMA
• NIST
• CMS MARS-E
• HIPAA Security & Privacy Rules

Required Skills (Ranked by Importance)

5+ years of IT experience working with or auditing:

• IBM System 390/zSeries
• Windows & Linux
• Relational & Non-Relational Databases
• Networking Infrastructure
• Web-based Applications

Prior experience working within a FISMA-compliant program

Prior experience with eGRC systems

Required Certifications

• ISC(2), ISACA, SANS GIAC, or equivalent Information Security certification (Required)

Preferred Skills

• Prior ITIL experience in Information Security Management
• Health Information Technology (HIT) experience
• Cloud security and vendor management exposure

Preferred Education

• Bachelor’s degree in computer science or related field
• 10+ years of equivalent professional experience

Best Regards,

Amit Mehra

Delivery Manager- Consulting

Phone: 609-371-5400 x 311

Direct Number: 6094012349

Email: amitm@vgroupinc.com

Web: www.vgroupinc.com