Information Systems Security Officer (ISSO) - 60007049

Full Job Description

This position is onsite in beautiful Columbia, South Carolina.

• Manage Admin compliance and audit activities. Identify and score risks based on impact and likelihood. Prioritize remediation activities according to risk score and difficulty. Clearly define stakeholder responsibilities and drive remediation toward successful or agreed-upon outcomes.
• Ensure alignment with all state security policies and integrated control solutions. Monitor and coordinate deviations from policy; when necessary, perform mitigation actions. Assist and advise agency staff and customers on security implementation as the INFOSEC SME for Admin.
• Draft, publish, and improve documentation to support consistent, measurable, and repeatable processes. Coordinate assessments and collaborate with audit, assessment teams, and system owners. Manage the risk and findings backlog; report status updates monthly to leadership.
• Ensure all information owned, collected, or controlled by the agency is processed and stored in accordance with applicable laws and and SCDIS-200 requirements.
• Oversee the evaluation, selection, and implementation of innovative, cost-effective, and minimally disruptive information security solutions. Ensure agency system access and data control through proper inclusion of information security language and requirements in contracts.
• Maintain awareness of emerging threats, technologies, and best practices. Continuously strengthen the organization’s security posture through proactive engagement and implementation of improvements.
• Other duties as assigned. This is an essential position that directly contributes the security of state systems and resources.

Requirements

• A bachelor’s degree in computer science or a related field. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.
• At least four (4) years of experience in information security, two (2) of which are in a leadership role.
• Candidate must successfully pass all initial and recurring security background checks as a condition of hire and continued employment.

• Knowledge of security administration for various operating systems and software.
• Knowledge of security, privacy, risk, and control frameworks and standards such as NIST, CIS, CJIS, HIPAA, FERPA, PCI, and the SC DIS-200.
• Analytical problem-solving skills and ability to develop project plans for information security systems.
• Knowledge and understanding of information risk concepts and principles, and ability to relate business needs and security controls.
• Ability to document and present security findings clearly and logically.
• Ability to explain information security concepts to audiences outside the field and to executive-level staff.
• Knowledge of South Carolina state government procedures and processes.
• Knowledge of South Carolina state procurement and contracting principles.
• Experience with contract and vendor negotiations.
• Professional certifications such as CISSP, CISM, CRISC, GIAC, CIPM, CIPP.

Additional Information

Supplemental questions are considered part of your official application. Any misrepresentation will result in your disqualification from employment.

Please complete the state application to include all current and previous work history and education.

A resume will not be accepted nor reviewed to determine if an applicant has met the qualifications for the position.

The South Carolina Department of Administration offers an exceptional benefits package for full time (FTE) employees:

• Health, dental, vision, long-term disability, and life insurance for employees, spouse, and children. Click herefor additional information.
• 15 days annual (vacation) leave per year
• 15 days sick leave per year
• 13 paid holidays
• Paid Parental Leave
• S.C. Deferred Compensation Program available (S.C. Deferred Compensation)
• Retirement benefit choices *
  • State Retirement Plan (SCRS)
  • State Optional Retirement Program (State ORP)