Join SAIC’s team to assist the Federal Health agencies such as Veteran Affairs (VA), Defense Health Agency (DHA), and Federal Drug Administration (FDA) implement an integrated system supporting health systems and facilities to deliver a single modernized system. The team will transition existing and proposed systems while maintaining IT service and support capabilities supporting large number of personnel who support the continuum of health services. This is a contingent position located in the Charleston, South Carolina.
The Chief Security Architect is responsible for the Information Security Management and Risk Management practices, including the On-Going Program of Security Planning. This role coordinates cyber security and risk management activities across the Integrated Service Providers, including adherence to security policies and compliance.
The Chief Security Architect heads and manages subordinate management and/or experienced Information Security Management and Risk Management personnel to transform the customer environment into a more secure operating environment in the following areas:
- Assess that all security risks associated with the delivery of Integrated Services are appropriately identified, evaluated, and appropriate controls are implemented and maintained. Recommend continuous improvements via a monthly report based on security vulnerability and risk assessments.
- Work with Government Security Division stakeholders and responsible for developing and maintaining visions and future states of the DHA security architecture and associated operational procedures to guide the cybersecurity activities
- Upon direction of the Government, create a Plan of Actions and Milestones detailing the plan to remediate or mitigate risks within the timeframe established by Government or the Customer.
- Conduct formal monthly meetings with each Integrated Service Provider to review their progress in addressing risks that need to be mitigated in their services.
- Coordinate Risk Management activities with the practice for Monitoring and Event Management to detect risks and emerging trends.
- Develop and maintain a continuous Cyber Security Plan that complies with Government policies and rules, which will comprise the on-going activities that accomplish the goals for Cyber Security Management and coordinates the activities of the Integrated Service Providers, the Government, Customers, and other vendors as identified by the Government.
- Develop, implement, and maintain internal standards, objectives, processes, and procedures to maintain compliance with Government policies and rules, and Customer requirements.
- Elevate identified security risks to Governance and the Authorizing Official for acceptance, mitigation, or other actions.
- Enforce the Government defined Risk Management Framework (RMF) for accrediting Information Systems.
- Ensure that all Information Systems managed by the Integrated Service Providers are continuously accredited in accordance with RMF requirements, the publications, and subsequent publications and regulations.
- Ensure that deployed applications meet the features of Identification and Authentication, Auditing, and Discretionary Access Control. Additionally, the contractor will employ compliant encryption in accordance with DoD and DHA policies, and digital certificates for web-based components.
- Ensure the Confidentiality, Integrity, and Availability (CIA) of the Government’s information, data, and IT services.
- Identify proposed or pending changes to Integrated Service Provider managed Information Systems that would be considered “major changes” for RMF certification purposes and perform risk mitigation activities.
- Implement and maintain a security awareness program to ensure that Integrated Service Provider personnel are aware of Government policies and rules, and the security and operational requirements of the Environment and Integrated Environment.
- Maintain and sustain compliance with all commercial security patches including applicable Security Technical Implementation Guide (STIG) and Information Assurance (Cybersecurity) Vulnerability Alert (IAVA) messages for Integrated Service Providers managed Information Systems, applications, and tools.
- Operate a quarterly forum with all the Integrated Service Providers and Governance and other Government designated entities. At this forum, review progress in addressing identified risks to be mitigated in the end-to-end delivery of services. As well as, review emerging trends and risks, and the effectiveness of key controls.
- Protect against unauthorized disclosure of data to protect the privacy of Government contractors and private individuals on which the information is maintained. Contractor shall maintain adequate controls and protection of sensitive data to meet DoD and DHA policies.
- Register and subscribe to United States CERT and vendor websites to be alerted to all released security advisories, security alerts, updates, and work-around.
- Support the appropriate Governance forums with specific risk content as defined by Government.
- Track the status of any remediation efforts as defined in any outstanding POA&M, and provide reports as defined.
Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
- Previous experience in VA, DHA, and/or FDA strongly preferred
- Experience with securing an IT environment both CONUS/OCONUS.
- Previous experience managing an ATO process.
- Experience managing Information Security Management and/or Risk Management practices and processes.
- Experience in executing the Information Technology Service Management (ITSM) framework including best practices such as Information Technology Infrastructure Library (ITIL), Agile, Scrum and DevSecOps.
- ITIL V3 certification required; ITIL V4 preferred
- CISSP or CompTIA Security+ certification required
- PMP certification preferred
- AWS, Azure, and/or ServiceNow certification preferred
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.
We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability