Job ID: 2401424
Location: WASHINGTON, DC, United States
Date Posted: Feb 22, 2024
Subcategory: Cybersecurity Ops
Shift: Day Job
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: Public Trust
Potential for Remote Work: Hybrid Remote
Benefits: Click here
SAIC is looking for an experienced Information System Security and Privacy Officer (ISSPO) to join our team supporting an important US government agency in the National Capital Region. This is an exciting opportunity to work with a team responsible for IT Security Governance, Risk and Compliance by providing direct support to Agencies Information System Security and Privacy Officer (ISSPO) in managing and documenting the ongoing security posture of the agency. The ISSPO will support the Program Manager and work collaboratively with other Information Systems Security Analysts, IT SMEs and System Administrators to conduct analysis, mitigation, remediation, and monitoring to ensure compliance with agency policies and procedures. The ISSPO will lead, and guide efforts associated with obtaining and maintaining RMF Authorities to Operate (ATO) for systems within the customer’s multi-faceted network infrastructure, spanning multiple platforms residing on multiple security enclaves. Specifically, this job will consist of the following:
· Provide Risk Management Framework (RMF) and Authorization and Accreditation (A&A) activities such as developing and maintaining systems Authority to Operate (ATO) package documentation.
This role requires on site work in Washington, D.C. 2 days per week.
EDUCATION & EXPERIENCE:
· Undergraduate degree with eleven years of experience or Graduate degree with nine years of experience in IT Infrastructure, IT Security, and/or Governance, Risk and Compliance (GRC).
· One or more current Security certifications (CISSP, CISM, Security+).
· Expert knowledge of RMF accreditation packages and all steps of the RMF process.
· Experience in Security, Privacy Assessment and Authorization (SPA&A) activities and ATO package creation.
· Experience working with RMF and NIST SP 800-53 (Rev 4/5)
· Knowledge of cyber-attack patterns, tactics, techniques, and procedures.
· Ability to adapt security processes/tools to evolving landscapes and risk scenarios.
· Familiarity with IT Audits using FISCAM processes and procedures.
· Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST SP 800-53, and IT control processes.
· Experience with GRC frameworks/tools (RSAM, CSAM) and SA&A tools (Xacta).
· Very strong technical understanding of Windows and Linux platforms
· Experience taking IT and network system(s) through the ATO process
· Ability to tailor information security processes and tools, based on ever evolving and changing landscapes, doctrine, and risk scenarios.
· Comprehensive knowledge performing and identifying impacts as well as consideration of existing risk mitigation strategies.
· Experience with auditing control implementations and communicating risks associated with control deficiencies or gaps.
· Experience with SharePoint lists and workflows, and general project management tools
· Ability to work effectively independently as well as within a team environment.
· Fluency in both spoken and written English, including the ability to work with highly technical and specialized content. Must be able both prepare and deliver such content, verbally and in writing, but also comprehend such content from others, in both spoken and written form.
· Ability to work in a fast-paced environment while maintaining outstanding customer service skills.
· Must be flexible with work schedule during surge periods of support.
· Ability to document processes as needed.
· Proficiency in explaining complex policies and protocols in simple terms.
· Stays updated on IT trends and security standards
· Demonstrates excellent analytical thinking and problem-solving skills to be able to assess potential risks and develop possible solutions.
Candidates for consideration must be eligible to obtain and maintain a Public Trust clearance.
DESIRED SKILLS: A solid understanding of IT security controls, tools, and concepts. Experience working in a technical environment with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle, etc. is also desired.
SAIC accepts applications on an ongoing basis and there is no deadline.
SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective and efficient solutions that are critical to achieving our customers' missions.
We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.9 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.