Senior IT Risk and Compliance Specialist Senior

About The Position

Requirements

• Minimum of 3+ years of experience serving as an ISSO for either Corporate or program levels with a basic understanding of ISSO duties and responsibilities and awareness of GRC tools (eMASS or XACTA)
• Experience supporting security projects as well as delivering and supporting customer security requirements
• Comprehension of change and configuration management and security impact analysis
• Excellent problem-solving, analytical, and communication skills
• Ability to effectively collaborate across multi-functional teams
• Possesses experience with communicating and presenting technical solutions and status to executives, key stakeholders and decision makers
• Familiarity with security tools and technologies (e.g., Firewalls, VPNs, SIEM, End Point Protection, Vulnerability & Compliance Scanning, Identity & Access Management)
• Ability to develop network architectures or follow templated examples in order to properly document a network architecture.
• Knowledge of IT risk management frameworks and regulatory requirements (e.g., NIST 800-171, ISO 27001)
• Knowledge of Security and privacy controls (e.g., CIS Level 2, DISA STIG)
• Knowledge of DoD security authorization process
• Knowledge of Security auditing practices and procedures and associated processes

Nice To Haves

• Proven track record of successfully managing large-scale IT risk and compliance programs
• Relevant certifications such as IAT Level II/8570/8140, Security +CE Preferred
• Experience with Microsoft Office Products, Adobe Pro, Visio, JIRA, ServiceNow
• Experience in a government
• Familiarity with cloud security best practices and technologies
• Must be clearable up to Top Secret
• Bachelor's degree in computer science, information technology, information/cyber security or a related field

Responsibilities

• Manage and/or maintain the security posture and authorization lifecycle for multiple cloud and on-premises information systems.
• Collaborate with stakeholders to attain information necessary for continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and supporting the SCA/ISSM during security control assessments.
• Develop, maintain, and update security documentation, including System Security Plans (SSPs), Plan of Action & Milestones (POAMs), network architectures
• Collaborate with stakeholders in order to develop program/project cyber policies .
• Familiarization with NIST 800 series documentation, ( NIST 800-171, GD and GDIT Cybersecurity policies), hardening guidance from vendors and US Government clients.
• Posses the ability to interpret vulnerability scan reports and coordinate with program stakeholders in order to remediate actions to closure and develop presentations and brief findings as needed.
• Support incident response, contingency planning, and disaster recovery efforts as needed by program and stakeholders.
• Serve as the program ISSO and represent the interests of the system owners, developers, and administrators.
• The ISSO will Interface with auditors and assessors during security control assessments and authorization events.
• Facilitate and collaborate with data owners, system owners, authorizing officials, and technical teams to prepare, implement, and monitor privacy and security controls in accordance with organizational risk policy.
• Ensure compliance with applicable GDIT requirements and policies
• maintain cyber compliance processes, procedures, and standards
• Collaborate stakeholders to design and implement security controls for new and existing systems and lab environments
• Maintain and update security documentation, including System Security Plans (SSPs, Architecture Diagrams, , Plan of Action and Milestones (POA&Ms), and other AO/AODR required documents, etc.
• Support security assessments and audits as a key stakeholder during the SCA/ISSMs evaluation of the security controls,
• Review vulnerability and compliance scan reports, and other relevant security reports and alerts for assigned systems
• Support incident response activities, including investigation, containment, and recovery efforts and annual incident response testing

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
• We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.