Company: SAIC
Location: Remote Work, VA
Career Level: Associate
Industries: Technology, Software, IT, Electronics

Description

SAIC is seeking a Cybersecurity GRC Analyst Principal to join the Governance, Risk and Compliance (GRC) Team. This position is 100% remote.

The Cybersecurity Risk Manager will work closely with the technical process teams to facilitate application and system risk assessments, coordinate remediation efforts, assist with creating mitigation plans, validate control effectiveness, and track remediation efforts to completion. The position will also be a key cybersecurity role in continuous improvement of SAIC's Cybersecurity Risk Management Program.

Responsibilities include:

  • Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.

  • Perform application risk assessments/reassessment tasks.

  • Perform technical system/infrastructure risk assessments/reassessment tasks.

  • Monitor, track, and report assessment results for risk owners, and escalate risks to Senior Leadership.

  • Perform vendor risk assessment/reassessment tasks.

  • Develop mitigation and corrective action plans with application/system owners.

  • Define and meet SLA expectations for assessments/reassessments.

  • Communicate and collaborate with internal teams, stakeholders, and leadership. Assist in the continuous improvement and maturity of the organization's overall cyber risk management framework, program, processes, and tools.

  • Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.

  • Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.

  • Assist with maintenance of the GRC tool used by the team.

  • Assist with tracking and remediation of penetration test results.

  • Assist with tracking and remediation of vulnerabilities.

  • Provide 2nd line of defense support for technical process teams.

  • Recommend appropriate policy, standards, process, and procedural updates as part of comprehensive remediation solutions.

  • Develop and provide key risk metrics for the cybersecurity risk management program.

  • Develop and maintain documentation in support of audit reviews.

  • Develop and maintain documentation in support of the cybersecurity risk management program.

Qualifications

Required Skills:

  • Bachelor's degree in Information Technology or similar discipline and 9 years of experience, or Master's Degree and 7 years of experience.

  • Previous governance, risk, compliance experience in the IT field.

  • Previous supply chain risk management experience.

  • Previous vendor management experience.

  • Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, NIST 800-53, NIST 800-37, and ISO 27001 standards). 

  • Ability to categorize systems and the information stored/processed on a system based on FIPS 199 and/or NIST 800-60.

  • Ability to analyze complex information and make/defend independent judgements.

  • Strong oral and written communication skills and ability to transform technical knowledge into business language (e.g. reports, presentations, etc.)

  • Ability to work independently and strategically.

  • Ability to effectively collaborate and negotiate with diverse stakeholders to meet mission needs.

  • Ability to manage and prioritize multiple tasks and external dependencies to ensure deadlines are met.

  • Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

  • Certifications such as CISA, CISSP, CISM, or Security+.

Desired Skills:

  • Working knowledge of ServiceNow and/or other GRC tools.

  • Working knowledge of security tools for vulnerability scanning, DLP, endpoint protection, etc.

  • Technical proficiency in Cybersecurity.

Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

