Job ID: 2401424
Location: WASHINGTON, DC, United States
Date Posted: Apr 9, 2024
Category: Cyber
Subcategory: Cybersecurity Ops
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: Public Trust
Potential for Remote Work: Hybrid Remote
Description
SAIC is looking for an experienced Information System Security and Privacy Officer (ISSPO) to join our team supporting an important US government agency in the National Capital Region. This is an exciting opportunity to work with a team responsible for IT Security Governance, Risk and Compliance by providing direct support to the agency's Information System Security and Privacy Officer (ISSPO) in managing and documenting the ongoing security posture of the agency. The ISSPO will support the Program Manager and work collaboratively with other Information Systems Security Analysts, IT SMEs and System Administrators to conduct analysis, mitigation, remediation, and monitoring to ensure compliance with agency policies and procedures. The ISSPO will lead and guide efforts associated with obtaining and maintaining RMF Authorities to Operate (ATO) for systems within the customer’s multi-faceted network infrastructure, spanning multiple platforms residing on multiple security enclaves. Specifically, this job will consist of the following:
· Provide Risk Management Framework (RMF) and Authorization and Accreditation (A&A) activities such as developing and maintaining system Authority to Operate (ATO) package documentation.
This role requires on site work in Washington, D.C. 2 days per week.
Qualifications
EDUCATION & EXPERIENCE:
· Undergraduate degree with eleven years of experience or Graduate degree with nine years of experience in IT Infrastructure, IT Security, and/or Governance, Risk and Compliance (GRC).
· One or more current Security certifications (CISSP, CISM, Security+).
REQUIRED SKILLS:
· Expert knowledge of RMF accreditation packages and all steps of the RMF process.
· Experience in Security, Privacy Assessment and Authorization (SPA&A) activities and ATO package creation.
· Experience working with RMF and NIST SP 800-53 (Rev 4/5).
· Knowledge of cyber-attack patterns, tactics, techniques, and procedures.
· Ability to adapt security processes/tools to evolving landscapes and risk scenarios.
· Familiarity with IT Audits using FISCAM processes and procedures.
· Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST SP 800-53, and IT control processes.
· Experience with GRC frameworks/tools (RSAM, CSAM) and SA&A tools (Xacta).
· Very strong technical understanding of Windows and Linux platforms.
· Experience taking IT and network system(s) through the ATO process.
· Ability to tailor information security processes and tools, based on ever evolving and changing landscapes, doctrine, and risk scenarios.
· Comprehensive knowledge performing and identifying impacts as well as consideration of existing risk mitigation strategies.
· Experience with auditing control implementations and communicating risks associated with control deficiencies or gaps.
· Experience with SharePoint lists and workflows, and general project management tools.
· Ability to work effectively independently as well as within a team environment.
· Fluency in both spoken and written English, including the ability to work with highly technical and specialized content. Must be able both to prepare and deliver such content, verbally and in writing, and to comprehend such content from others, in both spoken and written form.
· Ability to work in a fast-paced environment while maintaining outstanding customer service skills.
· Must be flexible with work schedule during surge periods of support.
· Ability to document processes as needed.
· Proficiency in explaining complex policies and protocols in simple terms.
· Stays updated on IT trends and security standards.
· Demonstrates excellent analytical thinking and problem-solving skills to be able to assess potential risks and develop possible solutions.
Candidates for consideration must be eligible to obtain and maintain a Public Trust clearance.
DESIRED SKILLS: A solid understanding of IT security controls, tools, and concepts. Experience working in a technical environment with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle, etc. is also desired.
SAIC accepts applications on an ongoing basis and there is no deadline.
Overview
SAIC® is a premier Fortune 500® technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.
We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.