IT Risk and Compliance Principal

About The Position

Requirements

• Bachelor’s degree in computer science, information technology, information/cyber security or a related field or relative experience
• Minimum of 5+ years of experience in IT risk management, IT compliance, or information security, with a significant portion in a leadership role (e.g., ISSO, ISSE, ISSM)
• Certifications such as CISSP, CISM, or CISA
• Creation and submission of Authorization to Operate (ATO) package
• Experience in security role managing projects as well as delivering and supporting customer security requirements
• Excellent problem-solving, analytical, and communication skills
• Ability to effectively collaborate across multi-functional teams
• Demonstrated experience performing complex technical tasks with minimal direction
• Possesses experience with communicating and presenting technical solutions and status to executives, key stakeholders and decision makers
• Experience with security tools and technologies (e.g., Firewalls, VPNs, SIEM, End Point Protection, Vulnerability & Compliance Scanning, Identity & Access Management)
• Strong understanding of security boundary protection strategies to include Intrusion Detection/Prevention devices, compensating controls, and firewall rules
• Experience supporting new business opportunities developing solutions, participating in oral presentations, and supporting costing / pricing
• IT risk management frameworks and regulatory requirements (e.g., NIST 800-171, 800-172, 800-53, ISO 27001, COBIT)
• Security and privacy controls (e.g., CIS Level 2, DISA STIG)
• Cybersecurity Maturity Model Certification (CMMC)
• Security authorization process (e.g., FedRAMP, ATO)
• IT audits and associated processes

Nice To Haves

• ServiceNow architecture
• Contingency planning and disaster recovery

Responsibilities

• Govern the cyber security hygiene of GDIT’s and our customer’s information technology systems ensuring their integrity and protection.
• Monitor, analyze and assess the security posture of GDIT’s and our customer’s Cloud and on-premises environments for security gaps, access controls, network settings, misconfigurations, and areas of high risks based on industry’s best practices and regulatory requirements.
• Maintain accurate and current security documentation including plans, processes, architecture, audit findings and records (i.e., corrective actions).
• Implement security audit reviews verifying that the audit records are collected and reviewed.
• Proactively monitor emerging security threats and technology advancements to recommend and implement process and tools improvements.
• Recommend and implement process and tools improvements.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.