Description
SAIC is seeking a Deputy Cybersecurity Governance Lead to support a critical U.S. government agency in the National Capital Region. This role serves as a senior operational and technical lead supporting the Security Program Management Office (SPMO) Manager and is responsible for overseeing Information System Security Officer (ISSO) operations, authorization activities, and risk management functions across a portfolio of systems.
The Deputy Cybersecurity Governance Lead provides deep technical and operational oversight for teams responsible for system security, assessment and authorization, continuous monitoring, and risk management activities. This is a hands-on player/coach role that combines strong federal cybersecurity expertise with team leadership, operational coordination, and oversight of day-to-day Governance, Risk and Compliance (GRC) activities.
This hybrid role requires a minimum of three on-site days per week in Washington, DC.
Responsibilities:
- Report directly to the SPMO Manager and support execution of governance, compliance, and operational security activities across the environment.
- Provide day-to-day operational leadership across GRC workstreams, including Risk Management, Assessment & Authorization, Continuous Monitoring, and Audit Support.
- Oversee operations and provide leadership and operational oversight for personnel supporting assigned systems and workstreams.
- Provide technical guidance, mentorship, prioritization support, and quality review for ISSO deliverables and operational activities.
- Oversee development, review, and quality assurance of Security Authorization packages, including SSPs, SARs, POA&Ms, SIAs, Risk Acceptance requests, and related security artifacts across multiple systems.
- Coordinate and prepare systems for Security Control Assessments (SCAs), ensuring completeness, accuracy, and audit readiness of all artifacts.
- Ensure effective implementation, assessment, and monitoring of security controls in accordance with NIST SP 800-53, RMF, and agency security policies.
- Lead POA&M lifecycle management, including development, tracking, remediation validation, and closure assessments.
- Oversee Risk Acceptance processes, ensuring proper documentation, justification, and alignment with system risk posture.
- Manage and enforce continuous monitoring activities, ensuring control effectiveness and ongoing authorization compliance.
- Coordinate audit support activities, including PBC responses, audit data calls, audit brief development, and remediation tracking activities.
- Lead development of audit response packages and support FISMA and A-130 reporting requirements.
- Coordinate with government stakeholders, system owners, engineering teams, and security personnel to resolve compliance and risk issues.
- Coordinate with external security operations and infrastructure teams regarding remediation status, risk impacts, and compliance tracking activities.
- Establish and enforce quality standards for GRC deliverables and ensure documentation accurately reflects implemented system controls and configurations.
- Oversee task tracking, prioritization, reporting, and execution across team activities to ensure contract deliverables and timelines are met.
- Identify process gaps and implement improvements to increase efficiency, reduce RMF cycle time, and enhance audit readiness.
- Prepare and deliver executive-level reports, risk briefings, metrics, and status updates to internal and external stakeholders.
- Oversee development and maintenance of operational dashboards, reporting metrics, and workflow tracking artifacts using tools such as SharePoint and PowerBI.
Qualifications
Requirements:
- Bachelor's degree and 10+ years of IT security, GRC, RMF, or systems security engineering experience, or Master's degree with 8+ years of experience.
- Minimum 3+ years of experience leading teams or overseeing operational cybersecurity activities in a federal environment.
- Ability to obtain and maintain a public trust requiring U.S. Citizenship or Green Card.
- Strong technical background in federal cybersecurity, including hands-on experience with RMF implementation, security controls, system authorization, risk management, and continuous monitoring.
- Demonstrated experience supporting ATO processes, authorization artifacts (SSP, SAR, POA&M, SIA), Risk Acceptance activities, and assessment events.
- Strong understanding of NIST RMF, NIST SP 800-53, FISMA, and federal cybersecurity policies and guidance.
- Experience coordinating across engineering, operations, compliance, and stakeholder teams within complex enterprise environments.
- Ability to drive accountability, prioritization, and execution across multiple stakeholders and workstreams.
- Strong understanding of enterprise IT environments, including cloud (AWS, Azure, GCP) and hybrid architectures.
- Familiarity with enterprise platforms such as Microsoft 365, Azure AD, Cisco, and Oracle.
- Experience with GRC and SA&A tools such as Archer, eMASS, JCAM/CSAM, or Xacta.
- Strong documentation, reporting, analytical, leadership, and communication skills, including the ability to convey complex technical issues to non-technical audiences.
- Experience using SharePoint and PowerBI to support reporting, metrics tracking, workflow management, and executive visibility activities.
- Proficient in Microsoft Office (Word, Excel, PowerPoint, SharePoint).
Preferred Qualifications:
- Prior experience functioning in an ISSM, Deputy ISSM, Lead ISSO, or GRC Lead role within a federal environment.
- CISSP (strongly preferred), CISM, CAP, CRISC, and/or PMP certification.
- Experience supporting enterprise-level or multi-system federal portfolios.
- Familiarity with FedRAMP, cloud compliance requirements, and federal privacy regulations.
- Familiarity with cloud security, enterprise architectures, and modern federal cybersecurity practices.
- Ability to operate effectively in a fast-paced, high-visibility environment with competing priorities.