Senior Information Security GRC Analyst
***POSITION IS FULLY REMOTE BUT MAY REQUIRE OCCASIONAL TRAVEL TO COLUMBIA, SC***
This position is ideal for an experienced Governance, Risk, and Compliance (GRC) professional with deep expertise in NIST 800-53, security audits, compliance frameworks, risk management, and information security program development.
Key Responsibilities
Support South Carolina state agencies in developing and improving information security programs.
Perform governance, risk, and compliance (GRC) assessments across multiple agencies.
Conduct interviews with business leaders, technical staff, and third-party stakeholders to document security processes and procedures.
Develop, review, and maintain security implementation plans and monitor agency progress.
Evaluate agency documentation for compliance with state security policies and regulatory requirements.
Perform high-level assessments of agency security programs and provide recommendations for improvement.
Develop formal documentation, procedures, and security artifacts.
Analyze business processes and recommend process improvements.
Manage multiple concurrent security initiatives while meeting project deadlines.
Required Qualifications
Bachelor's degree (completed and verifiable)
10+ years of Information Security and Compliance experience
2+ years conducting security audits or serving as an Information System Security Officer (ISSO)
2+ years of hands-on experience with NIST 800-53
Experience developing or managing POA&M (Plan of Action & Milestones) or Corrective Action Plans (CAP)
3+ years using a Governance, Risk, and Compliance (GRC) platform such as RSA Archer or similar
Strong written and verbal communication skills
Experience documenting security processes, procedures, and compliance activities
Ability to manage multiple security initiatives simultaneously
Strong analytical, organizational, and stakeholder management skills
Preferred Qualifications
Experience developing Information Security Plans (ISPs) or System Security Plans (SSPs)
Knowledge of: IRS Publication 1075, HIPAA, CJIS, MARS-E, PCI-DSS
Government or public-sector information security experience
Experience supporting statewide or enterprise security programs
Professional certifications such as: CISA, GSLC, or equivalent cybersecurity certification
Desired Skills
Governance, Risk & Compliance (GRC)
NIST 800-53
Information Security Assessments
Security Auditing
Risk Assessments
POA&M Development
Compliance Management
Security Documentation
Security Program Implementation
Business Process Analysis
Process Improvement
Security Policies & Procedures
Stakeholder Engagement
Archer (or equivalent GRC platform)
Project Coordination
Work Environment
Fully remote position with preference for candidates who can attend onsite meetings in Columbia, SC as needed.
Virtual interviews; local candidates are preferred.
State-issued VPN access will be provided.
Background investigation and CJIS certification are required after hire.