Description
SAIC is seeking a remote Senior Cyber GRC Analyst to join our team providing Security Operations Services for a major state & local government customer located in Texas. It is a program requirement that no program work be performed outside of the United States. This position reports to our Technical Director and is a member of the team providing security planning, management and oversight for data center and cloud services. Working with fellow team members, the Senior Cyber GRC Analyst will be primarily responsible for activities associated with cyber vulnerability management, cyber risk management, threat intelligence, establishment of standards and policy, and supporting related tasks and recurring deliverables.
Primary job responsibilities include:
Using the NIST Risk Management Framework (RMF) and other standards-based guidance, perform risk analysis including identification, recommendation of mitigations, and tracking of risks throughout their lifecycle
Perform threat modeling and assessment
Analyze and assess vulnerability data from scanning tools, cyber intelligence or other resources to determine validity, severity and impact to SAIC customers
Coordinate audit activities by internal and external parties including SOC II Type 2 audits (external)
Using NIST SP800-53R4 and other references, design and coordinate the implementation of cyber security controls with technical teams
Coordinate and oversee the development of system security plans and compliance with standards and policies
Interact with peer supplier organizations in the assessment of risk for their systems and technologies, and coordinate risk management and response activities
Maintain POAMs and supervise the completion of assigned tasks and activities by others
Perform baseline assessments of cybersecurity compliance against documented standards and requirements
Help to ensure that SAIC and in-scope systems are patched according to the approved schedule and requirements
Provide input and assessment of new risks and recommend actions
Coordinate annual cybersecurity assessment across multiple vendors and service providers; produce consolidated assessment report
Provide reports, communication and engagement with stakeholders and management
Provide senior management and executive briefings, summaries and reports on activities, assessments and cyber security posture
Coordinate business continuity and disaster recovery activities
Lead maintenance of policy, procedures, and related job aid documentation
Qualifications
Required Education & Experience:
Bachelor's Degree in related discipline and five (5) years related experience; OR, Master's Degree and three (3) years of experience in a related discipline (e.g. Information Security).
3-5 years of experience with cyber risk management including the NIST RMF and SP800-53R4
3-5 years of experience with cyber vulnerability and/or risk management
3-5 years of experience providing and coordinating cyber security assessments and audits
Cybersecurity certification (CISSP or CRISC preferred; alternatives include CompTIA Security+, CEH, CISA, CISM, GSLC)
Experience with the development and documentation of cybersecurity policies and standards
Cyber security in data center and cloud environments
Ability to create reports and visualizations to support Risk & Compliance activities
Excellent oral and written communication skills
Preferred:
Experience with Vulnerability Management & Compliance scanning tools such as Tenable or Qualys.
Experience with ITIL, ITIL certification
Experience with ITSM/Reporting tools such as ServiceNow
Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.