Phone/Skype Hire. Onsite from day 1. Only SC Residents
Location: Columbia, SC
Duration: 12+ months
The purpose of this position is to support the agency's cybersecurity and data protection program by helping protect sensitive information, monitor security risks, and strengthen controls around AI, Copilot, DLP, Insider Risk, auditing, and vendor security, and device patching. The analyst will review and triage security alerts, investigate access and movement of sensitive information, perform system and vendor audits, document findings, assist with incident escalation, and work with technical and business teams to strengthen the agency's overall security and data governance posture.
Key Responsibilities/Job Functions:
Data Protection & Data Governance
Monitor and administer Data Loss Prevention (DLP) policies and controls.
Investigate potential data loss, data exposure, and unauthorized access incidents.
Support Data Security Posture Management (DSPM) initiatives related to AI and Copilot.
Review the movement, storage, and sharing of sensitive information.
Assist in implementation of data classification and data handling requirements.
Participate in data governance initiatives and support data owners and stewards.
Security Monitoring & Incident Response
Review and triage security alerts from DLP, Insider Risk Management, DSPM, and other security platforms.
Investigate suspicious activity involving sensitive information.
Document findings and maintain investigation records.
Escalate incidents according to agency incident response procedures.
Assist with containment, recovery, and post-incident activities.
Insider Risk Management
Monitor Insider Risk Management alerts and cases.
Analyze user activity associated with potential policy violations.
Conduct investigations while maintaining confidentiality and proper chain of evidence.
Recommend corrective actions and risk mitigation strategies.
Vendor Security Management
Participate in third-party and vendor security assessments.
Review vendor security documentation, audit reports, and questionnaires.
Identify cybersecurity risks associated with third-party services.
Assist in tracking remediation efforts and risk acceptance decisions.
Security Auditing & Compliance
Support cybersecurity audits and compliance reviews.
Collect and analyze evidence for regulatory and policy requirements.
Assist with risk assessments and control validation activities.
Maintain documentation supporting compliance efforts.
Collaboration & Reporting
Work with technical and non-technical staff to address security concerns.
Prepare reports, metrics, and presentations regarding security risks and trends.
Participate in cybersecurity awareness and training initiatives.
Recommend improvements to security policies, procedures, and controls.
Skills Needed
Required Education and/or Certifications
A bachelor's degree in cybersecurity, information technology, computer science, or a related field is required; equivalent experience may be considered.
A foundational security certification such as CompTIA Security+ or GIAC Security Essentials (GSEC) is required.
Preferred certifications include Microsoft SC100, SC200, CEH, or an Associate level CISSP.