Request ID: BL-10699-1 (98590215)
Onsite Security Analyst (CISA/CIA/CPA) with Travel and PCI/NIST, Audit, Accounting, risk management, ITIL, I.E., COBIT, COSO, ISO, GAGAS, GAAP, ACL experience
Location: Columbia SC
Duration: 12+ Months Hrs/Wk: 40.00
Comments: This will be 100% onsite and report to the Office of Internal Audits. Not to exceed hourly bill rate of $85 an hour.
**Required to travel and conduct routine, special, and/or investigative audits at agency sites located throughout the entire state of South Carolina.
**Should be able to work flexible hours where it may be necessary for work to be completed outside traditional business hours.
**Bachelor’s degree in a related area AND 1-3 years of experience in the field or in a related area.
REQUIRED EDUCATION:
Bachelor’s degree in a related area AND 1-3 years of experience in the field or in a related area.
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. EXPERIENCE IN PROJECTS INVOLVING PCI/NIST SECURITY IMPLEMENTATIONS AND/OR AUDITS.
2. ACCOUNTING, AUDIT EXPERIENCE.
3. EXPERIENCE WORKING WITH RISK MANAGEMENT, ITIL.
4. Knowledge of Information Technology Field, best practices, organization, and operations.
5. VERBAL COMMUNICATION SKILLS, WRITTEN COMMUNICATION SKILLS, ORGANIZATIONAL SKILLS.
6. Flexible and easily adapts to changing priorities.
CERTIFICATIONS:
PREFER A CISA, CIA, OR CPA
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1. KNOWLEDGE OF THE FRAMEWORKS AND STANDARDS FOR INFORMATION SYSTEMS AUDITING (I.E., COBIT, COSO, ISO, ITIL OR NIST) AS WELL AS GENERALLY ACCEPTED GOVERNMENT AUDITING STANDARDS (GAGAS) AND/OR GENERALLY ACCEPTED ACCOUNTING PRINCIPLES (GAAP).
2. Ability to integrate technical systems with agency goals and objectives.
3. WORKING KNOWLEDGE OF ACL OR OTHER AUDITING SOFTWARE AND THE ABILITY TO ANALYZE AND INTERPRET COMPLEX ACCOUNTING,
Experience
Administrative | Organizational Skills | Yes | 4 | Advanced | Currently Using | 2 – 4 Years
Administrative | Verbal Communication Skills | Yes | 4 | Advanced | Currently Using | 2 – 4 Years
Administrative | Written Communication Skills | Yes | 4 | Advanced | Currently Using | 2 – 4 Years
Miscellaneous | Flexible and easily adapts to changing priorities | Yes | 5 | Expert | Currently Using | 4 – 6 Years
Miscellaneous | KNOWLEDGE OF INFORMATION TECHNOLOGY FIELD, BEST PRACTICES, ORGANIZATION AND OPERATIONS | Yes | 3 | Advanced | Currently Using | 4 – 6 Years
Network Security | Experience in projects involving PCI/NIST security implementations and/or audits. | Yes | 1 | Expert | Currently Using | 4 – 6 Years
Specialties | Accounting | Yes | 2 | Expert | Currently Using | 4 – 6 Years
Specialties | Audit experience | Yes | 2 | Expert | Currently Using | 4 – 6 Years
Scope of Work:
DHEC actively strives to conduct routine, special, and investigative audits to assist the Board and DHEC Management in assessing and improving agency programs and operations. The Security Analyst – Project Lead under limited supervision will plan, manage, and conduct Information Technology audits and activities for the Office of Internal Audits. This position will plan and analyze IT systems leveraging COBIT, COSO, ISO, ITIL, NIST, and other relevant frameworks, regulations, and guidelines.
The applicant selected for this opening will be required to travel and conduct routine, special, and/or investigative audits at agency sites located throughout the entire state of South Carolina.
The applicant selected will work primarily under the general guidance of the Office of Internal Audits but will also be required to work closely with other teams and Agency staff at all levels.
Applicant should be self-motivated, team-oriented, work under limited supervision, and respond to priority tasks as needed.
DAILY DUTIES / RESPONSIBILITIES:
The Security Analyst – Project Lead will be responsible for planning and conducting Information Technology (IT) audits and activities of the agency for the Office of Internal Audits.
Responsibilities include:
• Identifies risks and evaluates internal controls in information system environments.
• Assists the Internal Audit Director in developing and managing IT Continuous Auditing Programs.
• Plans and analyzes IT systems leveraging COBIT, COSO, ISO, ITIL, NIST, and other relevant frameworks, regulations, and guidelines.
• Performs tests of design and operating effectiveness over IT general controls.
• Reviews the selection and implementation of IT technical controls.
• Validates baseline security configuration for operating systems, application, networking and telecommunications equipment.
• Prepares working papers and reports to support recommendations and conclusions with related IT standards.
• Develops, builds, and implements tools to analyze data to improve audit efficiency and effectiveness, including risk assessments.
• Provides analytics to be used to incorporate best practices in continuous auditing.
• Performs risk assessments (e.g., data security, IT Governance, Disaster Recovery).
• Provides IT input to Internal Audit Director in development of the Annual Five Year Audit Plan to improve IT compliance and effectiveness of DHEC’s information systems environment.
• Follows up on recommendations made by external auditors or outsourced firms on IT external audit reports; as well as recommendations made from IT internal audit reports.
• Utilizes data analytics software to assist OIA with auditing, consulting, and special reviews.
• Performs data extractions, analytical testing and security reviews utilizing Audit Command Language (ACL) and other analytical tools.
• Provides IT technical support for the Office of Internal Audits (e.g., hardware, software, ACL, etc.).
The applicant will work closely with the Internal Audits team to identify, prioritize, and schedule audits to maintain compliance. The applicant will work closely with customer and subject matter experts for the system design, migration to the new framework, and testing.