Senior Cyber Risk Analyst

Senior Cyber Risk Analyst

The Department of Administration's (Admin) Division of Information Security (DIS) is seeking a Senior Cyber Risk Analyst to join our top performing team! DIS is responsible for establishing statewide policies, standards, programs, and services related to cybersecurity and information systems. This position will discover cyber risks, interpret applicable policies, document cyber risks, communicate with agencies regarding cyber risk and mitigation strategies, train/guide junior analysts, and help to develop and mature the cyber risk program. Now is an exciting time to join state government! We have prioritized maturing our security posture and look to lean on innovative thinkers to continue the evolution. We are service minded and believe our purpose is to protect our home state. If you are a forward-thinking security leader with an actionable mind set and want to make a difference, join us in our effort to protect South Carolina. You will have the opportunity to impact decisions, build teams, and ultimately mold security practices that will protect our state! 

This position is onsite in beautiful Columbia, South Carolina.

Responsibilities of the Senior Cyber Risk Analyst: 

• Assist the Director of Risk Management and Compliance with the development of the cyber risk program including program documentation, policies, and procedures. 
• Assist with the development of cyber risk profiles for state agencies.
• Maintain documentation of cyber risks, mitigation strategies, risk acceptances, and other risk/compliance information into a governance, risk, and compliance system. 
• Assist with the development of program metrics. Develop and create reports as requested.
• Communicate with agencies to collect risk information and assist the agencies with resources to mitigate or manage risk. 
• Assist the Director of Risk Management and Compliance with establishing and managing communication plans.
• Work with and train junior risk analysts and other team members within the Risk Management and Compliance team. 
• Other duties as assigned. This is an essential position as it may require operational support of the incumbent, as a member of the DIS leadership team.

Minimum and Additional Requirements:

A bachelor's degree in computer science or related field and at least four (4) years of experience in information security. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.

• Candidate must be eligible to obtain and retain a Secret or higher security clearance from appropriate federal authorities. 

Additional Requirements

• Excellent written and verbal communication skills and the ability to communicate cyber security concepts to a broad range of technical and non-technical audiences. 
• Ability to foster participation and work cooperatively with agencies, state executives, and staff. 
• Expert understanding of information security and privacy regulations, frameworks, requirements, and best practices.

Preferred Qualifications:

• Experience in a cyber audit, risk management, and/or security compliance role is preferred. 
• Professional certification related to information security or privacy (e.g., CRSIC, CGRC, CGEIT) or similar certification is preferred.