Job Description
DPP is seeking a Cloud Senior Security Risk Analyst for an opportunity in Columbia, SC. Work arrangement: - Onsite highly preferred, but open to remote
- W2 position; 6 months
- Candidates who are foreign nationals must have resided in the US for at least three (3) of the last five (5) years prior to assignment to the client’s applicable government contract.
Position summary: - A typical day for a Cloud Senior Security Risk Analyst includes a blend of strategic planning, technical risk assessments, and cross-functional collaboration.
- The Analyst plays a key role in evaluating the security posture of cloud-based services, ensuring that all aspects of the migration—from data transfer to infrastructure setup to CMS security policies and federal compliance standards.
- They assess risks associated with cloud configurations, identity and access management, and data protection, while working closely with engineering, compliance, and project management teams to implement mitigation strategies.
- The Analyst also supports audit readiness, documents risk decisions, and contributes to the development of secure cloud architecture.
- Their day often includes reviewing security dashboards, participating in migration planning meetings, and advising stakeholders on best practices to ensure a secure and compliant transition from the legacy environment to the CMS Commercial Cloud.
- They also develop strategies and approaches for cloud developments within a compliance and systems security context, ensuring alignment with HIPAA, system security cloud policies, and audit requirements.
- Additionally, they perform independent, objective cloud information systems audits and evaluations, providing actionable recommendations to strengthen security posture and maintain regulatory compliance.
Required technologies: - Agile experience
- Demonstrate Cloud Migration security oversight in Agile Delivery Environments.
- Serve as the Security SME for cloud migration teams, overseeing the security posture of Cloud hosted systems through lift-and-shift or re-platforming processes.
- Strong understanding of AWS-native services such as Identity and Access Management (IAM), KMS, Security Groups, Config, WAF, Shield, Macie
- Proficiency with Splunk – develop, tune, and manage dashboards and alerts for real-time detection, compliance, violations, SIEM integration, and anomaly monitoring
- Coordinate and execute security assessments, risk analyses, and vulnerability scans for cloud workloads.
- Monitor security events and indicators of compromise (IoCs), and lead response efforts with SOC & IR teams.
- Experience with Security Tools associated with AWS Security & Compliance Frameworks (NIST 800-53, HIPAA, FedRAMP)
- Federal or Medicare Experience
- Security and Compliance Frameworks (NIST 800-53, FedRAMP)
Nice to have: - FedRAMP/NIST 800-53 Compliance Frameworks
- Familiarity with federal compliance standards, particularly FedRAMP and NIST 800-53, is crucial for aligning cloud security controls with CMS requirements.
- Ability to interpret and analyze VPC flow logs, CloudTrail events, and GuardDuty findings.
- Experience with SAST, DST, vulnerability management, and endpoint security tools.
Preferred certifications: - ISC2 Certified Information Systems Security Professional (CISSP).
Minimum required work experience: - 8 years of I/T experience including 4 years of IT security, risk assessment and/or compliance experience.
- Successful completion of the client’s I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.
Job/class description: - Develop strategies and approaches for business development proposals within a compliance and systems security context. Plan and perform compliance and systems security activities in alignment with contractual role. Communicate and escalate compliance and risk issues to the appropriate customer representative and/or level of management. Act as a change agent to influence I/S and corporate compliance culture in alignment with business constituency. Develop strong systems security customer business relationship. Provide expert level consultation regards contractual system security obligations, frameworks, control requirements.
- Oversee remediation of new and outstanding issues, including Information Security Risk Exception process, across multiple business areas and security frameworks. Utilize tools to track and report on compliance posture.
- Conduct or lead others in the procedural and operational review of internal IS security compliance standards. Oversee formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks. Identify and champion efficiency improvements related to security, risk and compliance processes. Engage appropriate Client Management areas to facilitate process improvements through formal IS Methodology.
- Lead the development, implementation and documentation of Information Security policies, procedures, processes and programs to guide IS toward continuous compliance. May conduct or lead others in the analysis and interpretation of security regulations and controls. Proactively provide strategic consulting to IS functional teams with the development, implementation, monitoring, and reporting of control processes, documentation and compliance routines for moderate to highly complex work efforts.
- Serve as an interface with external entities for governance and compliance reviews regarding information security risk.
- Conduct or lead others in the investigation, documentation and resolution of Information Security Incidents. Advises senior management of critical issues that may affect organization.
- Research emerging security topics, threats and capabilities to create/update policy and governance. Engage appropriate leaders to evaluate and mitigate potential exposure. Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards and best practices, as well as delivering training to personnel.
Required knowledge, skills, and abilities: - Complete understanding of systems security business life cycle methodologies.
- Subject Matter Expert in both government and private risk frameworks and control implementations.
- Comprehensive understanding of business system security risk management, information system security and compliance practices.
- Demonstrate excellent analytical, problem solving, decision-making skills, interpersonal and ownership skills.
- Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
- Ability to lead others in solving problems often spanning multiple environments and business areas.
- Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
- Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols.
- Excellent communication skills in presenting results to customer, senior management, and matrix staff both verbally and in writing.
- Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
- Possess excellent collaboration skills with a wide variety of internal matrix and management staff.
Required education/equivalencies: - Bachelor’s degree in Computer Science, Information Technology, or other job-related degree;
- OR, Associates degree in CS, IT, or other job-related degree plus 2 years of work-related experience;
- OR, 4 years job-related work experience (total 12 years without a degree)
Interested? Learn more: Click the apply button or contact our recruiter
Carolyn at
(url removed)to learn more about this position (#
(phone number removed)).
Authorized US Worker - US Citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor at this time.
EOE/AA/V/D DPP offers a range of compensation and benefits packages to our employees and their eligible dependents. Call today to learn more about working with
DPP .
Job Tags
Full time, Contract work, Work experience placement, Remote work, Shift work,