Join our Talent Network >

Cyber GRC Analyst

Job ID: 214485
Location: AUSTIN, TX, United States
Date Posted: Apr 16, 2021
Category: Cyber
Subcategory: Cyber GRC
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: Yes
Benefits: Click here

Share: mail

Job Description


About SAIC

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training.


Position Summary

SAIC is seeking a GRC Analyst to join our team supporting state agencies within Texas. This position will be dedicated to a single agency as staff augmentation and will be focused on the operational tasks associated with GRC. This includes risk management, vulnerability management, controls mapping, training and security awareness activities in support of the overall GRC program. This role works under the supervision of the GRC program manager and a focus on collaboration with a broad team is critical for success. The role is expected to be remote.  Job responsibilities include:


  • Perform highly complex configuration, maintenance, and monitoring of the security of the network.
  • Develop, configure, document, maintain, and utilize enterprise security tools to identify, alert, and responds to security alerts and events in order to maintain the security of our data systems.
  • Responsible for preventing data loss and service interruptions by researching new technologies to effectively protect the agency network.
  • Creation and maintenance of incident response playbooks and runbooks aligning with industry best practices and cybersecurity toolsets.
  • Responsible for ensuring networks have adequate security to prevent unauthorized access.
  • Document, prioritize, recommend, and report on vulnerability mitigation and security enhancement actions and plans.
  • Review and improve our vulnerability management systems to identify any hardware misconfigurations or software deficiencies, to reduce our overall risk profile.
  • Identify and communicate current and emerging security threats.
  • Managing and supporting user facing security technologies (MDM, Endpoint Security Technologies, E-mail Security Gateways, SIEM, DLP, CASB, and Authentication).
  • Assist with the rollout of new security technologies and the training of security team members.
  • Provides training and knowledge transfer to Full Time Employee (FTE) staff on information security procedures.  Assists in the organization and delivery of training, as needed, for all employees regarding company security and information safeguarding.
  • Translate proposed capabilities into technical requirements.
  • Assess and design security management functions as related to cyberspace.


Experience, Education and Certification


  • Education: Bachelor’s from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, cybersecurity or a related field is generally preferred; experience in the following (or closely related) fields may be substituted for the required education on a year-for-year basis: cybersecurity, information technology security, computer information systems, computer science, management information systems; may substitute an advanced degree in a related field for two of the required years of experience; Master’s Degree highly desired.
  • Conducts risk assessments, testing, threat analyses and audits of computer systems, IT infrastructure and security processes; recommends system and procedural changes to avoid security breaches; Supports ongoing compliance activities by researching and evaluating security policies and practices, industry standards and regulations. Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack. Work with technology and business teams to develop and document risk mitigation action plans, along with recommendations to reduce information security risk within their areas.
  • Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) network monitoring, malware, data loss prevention technologies and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, endpoint detection response etc.).
  • Managing and supporting user facing security technologies (MDM, Endpoint Security Technologies, E-mail Security Gateways, SIEM, DLP, CASB, and Authentication).
  • Develop, configure, document, maintain, and utilize enterprise security tools to identify, alert, and responds to security alerts and events in order to maintain the security of our data systems.
  • Experience with information system security management, information security, troubleshooting, information systems, quality assurance and control, SQL, network security, cyber threat modeling
  • Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
  • Experience building and working with Incident Response Playbooks aligned with industry best practices and cybersecurity toolsets as well as analyzing, reporting, and remediating advanced threats to the network.
  • Review alerts and data collected from data security systems on a daily basis and report findings. Must have extensive experience with Security Information and Event Management (SIEM) tools to include management of dashboards and security tool integrations.
  • Develops and recommends plans to safeguard computer configurations and data files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs. Work with stakeholders to ensure disaster recovery plans are up to date and meet compliance standards.
  • Familiarization with cloud computing to include the risks and benefits of using a vendor’s remote servers to store, manage and process an organization’s data.
  • Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.).
  • Ability to establish and always maintain effective and professional working relationships with others in the course and scope of conducting business.
  • Experience in the creation and roll-out of enterprise-wide security awareness and training programs to educate the workforce on security awareness best practices; a plus is experience with phishing simulators
  • Knowledge of software development life cycle methodologies to include as SAST and DAST tools for secure application development as part of DevSecOps. Ensure effective coverage of application vulnerability methods including static and dynamic code analysis, application testing, and penetration testing.
  • Certified Information Security Systems Professional (CISSP) or equivalent (i.e. Certified Information Security Manager (CISM))



  • Experience working with threat intelligence partners and converting it into actionable signatures, detection techniques and policies is preferred.
  • Familiarization with at least one programing language:  C, C++, C#, Java or PHP. Familiarization with Windows, UNIX and Linux operating systems, on which most of the business world runs
  • Analysis experience and operational understanding of network equipment, network services, and network/system monitoring tools
  • Analysis experience and operational understanding of one or more major operating systems (Microsoft Windows, Linux, or Mac)
  • Demonstrated experience in identifying the root cause of an incident and recognize the key elements to investigate to get to the root cause of an incident
  • Familiar with federal and state regulatory requirements for ensuring information security compliance with applicable laws such as HIPAA, PCI, TAC 202, FTI and/or FERPA, compliance.
  • Desired Certifications: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified Ethical Hacker (CEH); Security Certified Professional (OSCP); Cybersecurity vendor related trainings and certifications
    • Two or more of the following certifications or trainings:
      • Certified Information Systems Auditor (CISA)
      • Certification and Analysis Professional (CAP)
      • Systems Security Certified Practitioner (SSCP)
      • Certified in the Governance of Enterprise Information Technology (CGEIT)
      • Certified Information Privacy Professional (4 different versions CIPP IT, CIPP Government and CIPP Canada and only CIPP)
      • Cisco Certified Network Professional (CCNP) or Cisco certified Security Professional (CCSP)
      • Global Information Assurance Certification Certified Incident Handler (GCIH)
      • NSA IAM / IEM Certification
      • SANS GIAC: "Intrusion Prevention", "Incident Handling", "Vulnerability Assessment", “Forensics”, "Risk Management", or "IT Auditor"

Target salary range: $75,001 - $100,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.


SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.

Share: mail

Similar Jobs

Cyber GRC Analyst

AUSTIN, TX, United States

Cyber GRC Program Manager

AUSTIN, TX, United States

GRC Analyst Associate

AUSTIN, TX, United States