Job ID: 2402580

Location: RESTON, VA, US

Date Posted: 2024-02-19

Category: Cyber

Subcategory: Cyber GRC

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: None

Clearance Level Must Be Able to Obtain: None

Potential for Remote Work: No

Description

SAIC is seeking a Cybersecurity Risk Manager to join the Governance, Risk and Compliance (GRC) Team. This position may be remote anywhere in the US for the right candidate.

The Cybersecurity Risk Manager will work closely with the technical process teams to facilitate application and system risk assessments, coordinate remediation efforts, assist with creating mitigation plans, validate control effectiveness, as well and track remediation efforts to completion. The position will also be a key cybersecurity role in continuous improvement of SAIC’s Cybersecurity Risk Management Program.

Responsibilities include:

• Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
• Perform application risk assessments/reassessment tasks.
• Perform technical system/infrastructure risk assessments/reassessment tasks.
• Monitor, track, report assessment results for risk owners; and escalate risks to Senior Leadership.
• Perform vendor risk assessment/reassessment tasks.
• Develop mitigation and corrective action plans with application/system owners.
• Define and meet SLA expectations for assessments/reassessments.
• Communicate and collaborate with internal teams, stakeholders, and leadership. Assist in the continuous improvement and maturity of the organizations overall cyber risk management framework, program, processes, and tools.
• Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
• Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
• Assist with maintenance of the GRC tool used by the team.
• Assist with tracking and remediation of penetration test results.
• Assist with tracking and remediation of vulnerabilities.
• Provide 2nd line of defense support for technical process teams.
• Recommend appropriate policy, standards, process, and procedural updates as part of comprehensive remediation solutions.
• Develop and provide key risk metrics for the cybersecurity risk management program.
• Develop and maintain documentation in support of audit reviews.
• Develop and maintain documentation in support of the cybersecurity risk management program.

Qualifications

Required Skills:

• Bachelor’s degree in Information Technology or similar discipline with 14 years of experience, or Master’s Degree with 12 years of experience, or a PhD or JD and 9 years of experience. An additional 4 years of experience may be considered in lieu of a degree.
• Must be a US Citizen.
• Previous governance, risk, compliance experience in the IT field.
• Previous supply chain risk management experience.
• Previous vendor management experience.
• Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, NIST 800-53, NIST 80-37, and ISO 27001 standards).
• Ability to analyze complex information and make/defend independent judgements.
• Strong oral and written communication skills and ability to transform technical knowledge into business language (e.g. reports, presentations, etc.)
• Ability to work independently and strategically.
• Ability to effectively collaborate and negotiate with diverse stakeholders to meet mission needs.
• Ability to analyze complex information and make/defend independent judgements.
• Ability to manage and prioritize multiple tasks and external dependencies to ensure deadlines are met.
• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
• Certifications such as CISA, CISSP, CISM, or Security .

Desired Skills:

• Working knowledge of ServiceNow and/or other GRC tools.
• Working knowledge of security tools for vulnerability scanning, DLP, endpoint protection, etc.
• Technical proficiency in Cybersecurity.