Security Analyst (INF-PCI Compliance Analyst)

Direct End Client: State of South CarolinaJob Title: Security Analyst (INF-PCI Compliance Analyst)Duration: 12+ MonthsNo. of Hours Per Week: 40 Hours Per WeekStart Date: 03/22/2021Location: Columbia Mills, 301 Gervais Street, Columbia, SC 29201Position Type: W2 ContractInterview Process: In-person, Video, or Phone ConferenceRequirement ID: SSCSEC755BR Description: State of South Carolina - Department of Health and Environmental Control Scope of the Project:DHEC actively strives to keep in compliance with PCI-DSS standards. The PCI Compliance Analyst will manage the PCI compliance initiative under the guidance of the Chief Information Security Officer and PCI project management team. This position will aim to maintain PCI compliance and lower the agency’s risk profile in relation to the PCI environment. This position will work closely with the Security Operations Center (SOC), Server Hosting Team, and Application Teams to review vulnerability reports, investigate solutions, test solutions and their impacts to other environments, follow the agency’s Change Management process, implement solutions, track, and document remediation. Candidates should be self-motivated, team-oriented, work under limited supervision, and respond to priority tasks as needed. Responsibilities:The Security Analyst will be responsible for managing the discovery, analysis, tracking, and remediation of vulnerabilities across the agency’s technology systems. Responsibilities include:Maintain and improve the vulnerability management process.Develop solutions and automated methods to reduce manual and repetitive tasks.Follow a mature change management process – preparing change management requests and presenting requests to the change management board for approval.Work closely with key stakeholder groups, including the SOC, to ensure appropriate levels of engagement and focus are maintained.Plan and implement technical changes without unexpected disruption to the service and with minimal oversight.Create, maintain, and review operational processes and support documentation.Adheres to Information Technology application development standards and security requirements.Prepare and maintain system documentation and architecture diagrams as assigned.Ability to plan, organize, review, implement associated project milestones to completion.Requires mastery technical and business knowledge in multiple disciplines/ processes.Create supporting project and system documentation.Provide updates to the Project Team.Assist with development of policies and procedures to conform and comply with agency standard cyber security policy design related to information risk management, designation of data as to criticality, confidentiality, and protection. (NIST 800-53, FISMA, SC InfoSec Requirements http://admin.sc.gov/technology/information-security/policies-and-procedures, etc.).The position will be utilized for 40 hours per week for the duration of this project. The selected candidate should be able to work flexible hours where it may be necessary for work to be completed outside traditional business hours.The candidate will work closely with the CISO and PCI project team to identify, prioritize, and schedule changes to the agency’s PCI environment to support PCI compliance. The candidate will work closely with customer and subject matter experts for the system design, migration to the new framework, and testing.This will also include compliance to DHEC security policy/ procedures as well as integrating systems when possible to streamline staff workflows, user security, and data correction. DHEC will provide:All required information including formulas, data, and mechanisms to check output.Staff to assist with any application or data questions.Conference rooms and scheduling for any application demos.Workstation and required software. Required Skills/ Experience/ Education:Experience in projects involving PCI/ NIST security implementations and/or audits.Knowledge of information technology field, best practices, organization and operations familiarity with vulnerability management reports and tools (Nessus, Clover Security, etc.).Knowledge of networking protocols, including TCP/IP, HTTP, NTP, DNS, MLLP, NDM.Security - Knowledge in networking, databases, systems, and Web operations.Vulnerability Scanning.Microsoft Active Directory.ITIL Incident and problem management processes.NIST Configuration Management Controls.Experience with security and data classification related to CDC, HIPAA, and CJIS.Bachelor's or Master's Degree in a relevant field of work and/or equivalent work experience. Preferred Skills/ Experience/ Education:Experience network vulnerability scanning and penetration testing.Knowledge of Information Security best practices.Ability to establish positive working relationships with technical staff, customers and others involved in data-centric management.Excellent written, oral, and interpersonal communication skills.Knowledge of Information Technology Field, best practices, organization, and operations.Experience with SolarWinds, LanSweeper, AD.Ability to integrate technical systems with agency goals and objectives.Experience working with PCI environments.Security Certification (CISSP, CRISC, CEH). V Group Inc. is an IT Services company which supplies IT staffing, project management, and delivery services in software, network, help desk and all IT areas. Our primary focus is the public sector including state and federal contracts. We have multiple awards/ contracts with the following states: NY, NJ, PA, MD, NC, SC, GA, FL, CA, DE, IL, MI, OH, OR, TX, VA, and WA. If you are considering applying for a position with V Group, or in partnering with us on a position, please feel free to contact me for any questions you may have regarding our services and the advantages we can offer you as a consultant. Please share my contact information with others working in Information Technology. Website: www.vgroupinc.comLinkedIn: www.linkedin.com/company/v-groupFacebook: www.facebook.com/VGroupITTwitter: www.twitter.com/vgroupinc