General Dynamics · posted 3 months ago
$131,750 - $178,250/Yr
Full-time • Senior
Hybrid • Bossier City, LA
Transportation Equipment Manufacturing

Transform technology into opportunity as an IT Risk and Compliance Specialist Senior Principal with GDIT. A career in enterprise IT means connecting and enhancing the systems that matter most. At GDIT you'll be at the forefront of innovation and play a meaningful part in improving how agencies operate. GDIT's Technology Shared Services (TSS), Governance, Risk, and Compliance (GRC) team is seeking an experienced IT Risk and Compliance Specialist Senior Principal. Our team provides services across GDIT programs to ensure the confidentiality, integrity, and availability of information systems while supporting compliance with relevant regulations and standards. This role requires a highly knowledgeable self-starter to independently manage the full Risk Management Framework (RMF) lifecycle for multiple systems concurrently. The ideal candidate will operate in a dynamic, high-tempo environment, applying deep expertise in risk management and regulatory compliance to protect critical information assets.

Responsibilities:
  • Manage the security posture and authorization lifecycle for multiple cloud and on-premises information systems.
  • Conduct continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and security control assessments.
  • Develop, maintain, and update security documentation, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports (RARs).
  • Periodically assess the risk to organizational operations (mission, functions, image, reputation) and organizational assets in accordance with organizational risk management policies.
  • Proactively monitor emerging security threats and technology advancements to recommend and implement process and tooling improvements.
  • Ensure system compliance with applicable NIST Special Publications, FedRAMP requirements, DISA STIGs, and CIS Benchmarks.
  • Assess and mitigate system vulnerabilities; track remedial actions to closure.
  • Support incident response, contingency planning, and disaster recovery efforts.
  • Serve as the primary security advisor to system owners, developers, and administrators.
  • Interface with auditors and assessors during security control assessments and authorization events.
  • Provide security-focused input for new business proposals and solutions.

Required qualifications:
  • Technical training, certificate, or degree in information/cyber security or a related field.
  • Minimum of 8 years of experience in IT risk management, IT compliance, or information security, with a significant portion in a leadership role (e.g., ISSO, ISSE, ISSM).
  • At least one of the following certifications: CISSP, CISM, or CISA.
  • Experience managing security projects as well as delivering and supporting customer security requirements.
  • Understanding of change and configuration management and security impact analysis.
  • Excellent problem-solving, analytical, and communication skills.
  • Ability to effectively collaborate across multi-functional teams.
  • Demonstrated experience performing complex technical tasks with minimal direction.
  • Experience with communicating and presenting technical solutions and status to executives, key stakeholders, and decision makers.
  • Experience with security tools and technologies (e.g., firewalls, VPNs, SIEM, endpoint protection, vulnerability and compliance scanning, identity and access management).
  • Strong understanding of security boundary protection strategies, including intrusion detection/prevention devices, compensating controls, and firewall rules.
  • Knowledge of IT risk management frameworks and regulatory requirements (e.g., NIST, ISO 27001, COBIT, FISMA).
  • Knowledge of security and privacy controls and hardening baselines (e.g., CIS Benchmark Level 2 profiles, DISA STIGs).
  • Knowledge of security audits and associated processes.
  • Knowledge of contingency planning and disaster recovery.
  • Ability to obtain and maintain a Top Secret security clearance.

Preferred qualifications:
  • Proven track record of successfully managing large-scale IT risk and compliance programs.
  • Additional relevant certifications such as CGRC and/or CRISC, beyond the required CISSP, CISM, or CISA.
  • Familiarity with security management tools (e.g., Splunk, CrowdStrike, Qualys, Tenable, eMASS, Archer, etc.).
  • Experience with Microsoft Office Products, Adobe Pro, Visio, JIRA, ServiceNow.
  • Experience in a government or highly regulated environment (e.g., Department of Defense, Federal Civilian, Federal Health, Department of Homeland Security).
  • Knowledge of cloud security best practices and technologies.
  • Experience with security automation and orchestration.

Benefits:
  • Comprehensive benefits and wellness packages.
  • 401K with company match.
  • Competitive pay and paid time off.
  • Full-flex work week to own your priorities at work and at home.
  • Paid parental, military, bereavement, and jury duty leave.
  • Short and long-term disability benefits.
  • Life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance.
© 2024 Teal Labs, Inc