SUNSHINE ENTERPRISE USA LLC

Information Security Compliance Consultant - Contract

Fully Remote, Engineering, United States

Salary: Not listed

Posted: 2h ago

Source: himalayas

Information Security Compliance, IT Compliance Consulting, GRC (Governance, Risk, and Compliance)

Information Security Compliance Consultant

Location: 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.

Interview Process: 1-2 Rounds of Virtual Interviews. In-person availability for interviews preferred.

Duration: 12 Months
Employment Type: Contract
Experience Required: 12+ Years

Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.

Certification Requirement: CJIS Certification required after onboarding and processed by the client.

Project Scope:

Seeking an experienced Information Security Compliance Consultant to support statewide information security program initiatives. The consultant will assist agencies with tactical implementation of information security requirements, development and tracking of security implementation plans, compliance assessments, policy and procedure documentation, and governance activities.

The consultant will work closely with business leaders, technical teams, and third-party stakeholders to evaluate security controls, assess compliance readiness, and ensure alignment with established security frameworks and state standards. This role requires strong expertise in information security governance, risk, compliance (GRC), auditing, and regulatory frameworks.

Key Responsibilities:

  • Support agencies with information security program implementation and compliance initiatives.
  • Conduct interviews with business owners, technical teams, administrators, and third-party stakeholders to gather security and compliance requirements.
  • Develop, document, and maintain security policies, procedures, and governance artifacts.
  • Track and monitor Information Security implementation plans and remediation activities.
  • Perform compliance assessments against established security frameworks and control standards.
  • Review agency documentation and provide recommendations to strengthen security posture and compliance readiness.
  • Analyze existing business processes and identify opportunities for improvement and risk reduction.
  • Assist in developing corrective action plans (CAP) and Plans of Action & Milestones (POA&M).
  • Support multiple concurrent security and compliance initiatives while maintaining project timelines.
  • Prepare reports, findings, and compliance status updates for leadership and stakeholders.
  • Ensure alignment with state security standards, regulatory requirements, and industry best practices.

Required Skills & Experience:

  • 10+ years of Information Security and Compliance experience.
  • 2+ years of experience conducting security audits or serving as an Information System Security Officer (ISSO).
  • Strong working knowledge of NIST 800-53 security controls and compliance requirements.
  • Experience developing and managing POA&M and Corrective Action Plans (CAP).
  • 3+ years of experience working with Governance, Risk, and Compliance (GRC) platforms such as Archer or similar tools.
  • Strong documentation, communication, and stakeholder management skills.
  • Experience assessing security controls and compliance programs.

Preferred Skills:

  • Experience developing Information Security Plans (ISPs) and System Security Plan (SSP) documentation.
  • Experience managing multiple concurrent information security initiatives.
  • Knowledge of IRS 1075, HIPAA, CJIS, MARS-E, and PCI-DSS compliance frameworks.
  • Government or public sector experience.
  • Experience with process analysis, business process re-engineering, and compliance program development.
  • Strong project scheduling and resource planning capabilities.

Education

Bachelor's Degree

Preferred Certifications:

  • CISA
  • GSLC
  • Equivalent Information Security Certification

