Deputy Cybersecurity Governance Lead

SAIC•Washington, DC

About The Position

SAIC® is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.3 billion.

Requirements

Applies extensive technical expertise and has full knowledge of other related disciplines.
Receives assignments in the form of objectives and establishes goals to meet objectives.
Provides guidance to subordinates to achieve goals in accordance with established policies.
Work is reviewed and measured based on meeting objectives and schedules.
Establishes and recommends changes to policies which affect subordinate organization(s).
Develops technical solutions to complex problems which require the regular use of ingenuity and creativity.
Work is performed without appreciable direction.
Exercises considerable latitude in determining technical objectives of assignment.
Completed work is reviewed from a relatively long-term perspective for desired results.
Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results.
Guides the successful completion of major programs.
Erroneous decisions or recommendations would typically result in failure to achieve major organizational objectives.

Responsibilities

Performs Risk Management; Test & Evaluation; Training, Education, & Awareness; and Vulnerability Scanning & Management activities from the National Initiative for Cybersecurity Education (NICE) Framework.
Categorizes systems and information stored/processed on the system based on FIPS199 and/or NIST 800-60.
Selects initial baseline of applicable security controls based on FIPS 200 and/or NIST 800-53.
May supplement the baseline with further security controls in accordance with organizational policy.
Implements security controls based on numerous NIST Special Publication guidance documents, including 800-34, 800-64, and 800-128.
Specifically and functionally documents implemented security controls.
Assesses security controls based on NIST 800-53A to ensure they are implemented correctly and effectively.
May perform testing to verify and validate.
Ensures systems are authorized based on NIST 800-37.
Ensures continuous monitoring is achieved based on NIST 800-137, 800-37, 800-53A, and/or other special publications.
May perform internal auditing functions in support of ISO/IEC standards, such as 9000, 20000, 27001, etc.
May work with external auditors to ensure these actions have been performed to industry standards.
May perform policy analysis activities to author or support the authoring of new enterprise policy.
Represents organization as prime technical contact on contracts and projects.
Interacts with senior external personnel on significant technical matters often requiring coordination between organizations.