IT Risk and Compliance Principal

About The Position

Requirements

• Bachelor’s degree in computer science, information technology, information/cyber security or a related field or relative experience
• Minimum of 5+ years of experience in IT risk management, IT compliance, or information security, with a significant portion in a leadership role (e.g., ISSO, ISSE, ISSM)
• Certifications such as CISSP, CISM, or CISA
• Creation and submission of Authorization to Operate (ATO) package
• Experience in security role managing projects as well as delivering and supporting customer security requirements
• Excellent problem-solving, analytical, and communication skills
• Ability to effectively collaborate across multi-functional teams
• Demonstrated experience performing complex technical tasks with minimal direction
• Possesses experience with communicating and presenting technical solutions and status to executives, key stakeholders and decision makers
• Experience with security tools and technologies (e.g., Firewalls, VPNs, SIEM, End Point Protection, Vulnerability & Compliance Scanning, Identity & Access Management)
• Strong understanding of security boundary protection strategies to include Intrusion Detection/Prevention devices, compensating controls, and firewall rules
• Experience supporting new business opportunities developing solutions, participating in oral presentations, and supporting costing / pricing
• IT risk management frameworks and regulatory requirements (e.g., NIST 800-171, 800-172, 800-53, ISO 27001, COBIT)
• Security and privacy controls (e.g., CIS Level 2, DISA STIG)
• Cybersecurity Maturity Model Certification (CMMC)
• Security authorization process (e.g., FedRAMP, ATO)
• IT audits and associated processes
• Active security clearance (Top Secret or Department of Energy(DoE) Q)

Nice To Haves

• ServiceNow architecture
• Contingency planning and disaster recovery

Responsibilities

• Govern the cyber security hygiene of GDIT’s and our customer’s information technology systems ensuring their integrity and protection.
• Monitor, analyze and assess the security posture of GDIT’s and our customer’s Cloud and on-premises environments for security gaps, access controls, network settings, misconfigurations, and areas of high risks based on industry’s best practices and regulatory requirements.
• Maintain accurate and current security documentation including plans, processes, architecture, audit findings and records (i.e., corrective actions).
• Implement security audit reviews verifying that the audit records are collected and reviewed.
• Proactively monitor emerging security threats and technology advancements to recommend and implement process and tools improvements.
• Recommend and implement process and tools improvements.

Benefits

• Comprehensive benefits and wellness packages
• 401K with company match
• Competitive pay and paid time off
• Full-flex work week to own your priorities at work and at home