IS Security Risk Analyst III # JN -062021-65966

Columbia, South Carolina
Industry: Admin/Networking/System Engineer
Job Number: JN -062021-65966

Position title : IS Security Risk Analyst III

Duration : 6 months

Location : Columbia, SC



IDEAL candidate will have 1 Certification, but Certification is not required as long as candidate meets mins without it and has overall strong background and worked as an IT Auditor.

-- CISSP, CISA, CISM, MCSE, GIAC or equivalent security / infrastructure certification (Highly Desired)




  • 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance
  • experience.
  • Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
  • Experience working on Security Management Plan
  • Experience with working on vulnerability matrices
  • Experience with the scanning and remediation of I/S assets using automated tools is beneficial (i.e. Nessus, AppDetective, Vanguard, etc.). 
  • Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
  • Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
  • Advanced knowledge on security risk assessment execution.
  • Expert level knowledge on risk mitigation strategies.
  • Excel expert with the ability to analyze, trend and forecast from high volumes of compliance data.
  • Proficient with MS Word.



  • Experience with compliance programs within a government agency (i.e. Medicare, Tricare) is preferred. 
  • Any experience with Visio or PowerPoint a plus.
  • Any experience with DoD, DIARMF or FedRamp program are a plus.
  • SQL experience a plus.




  • Defining, documenting and implementing Information Security standards and policies across the enterprise
  • Working with external auditors to provide support as needed
  • Reviewing customer contracts, RFP’s and requirements for appropriateness
  • Establishing and maintaining an overall information security program
  • Assuring industry advisories, alerts or other requirements are acted upon in an appropriate and timely manner
  • Assuring incident response measures are in place to respond to information security events
  • Assessing the state of BlueCross BlueShield of SC information security on a periodic basis
  • Providing information security related guidance to I/S
  • Working with Line of Business (LOB) security officers to coordinate efforts
  • Maintaining a repository of information security data and compliance guidance
  • Providing Corporate Security Council coordination and support


Apply Online Apply Later