About the Opportunity
SAIC is seeking a full time Cloud Security Risk Assessor -Senior to support a government client in the Risk Management Assessment and Authorization (A&A) processes for systems in the Cloud. This role requires a self-starter with the ability to perform with limited oversight. In this role you will perform guide Cloud system owners through NIST 800-53 risk assessments while enhancing their current process workflows and developing new processes and templates. You will ensure the client meets established information security, compliance, operational risk, and reporting requirements. You will develop or update process and template documentation. The candidate must be able to work independently and with a team. This position requires a broad mix of technical and business acumen coupled and excellent communication skills.
Duties and Responsibilities:
- Develop and advise development of Assessment and Authorization (A&A) artifacts and security documentation to include, but not limited to:
- System Security Plans (SSP)
- Plan of Action and Milestone (POAM)
- Contingency Plan
- Incident Response Plan
- Configuration Management Plan
- Enhance and perform standard operating procedures as applicable for systems to be assessed for an Authorization to Operate (ATO)
- Provide technical expertise in IT Security Risk Management functions
- Develop ATO artifact templates to include but not limited to SSPs, POAMs, Contingency Plans, and other security documentation
- Develop and present briefs to stakeholders and government leads.
- Develop deliverables to include drafting data diagrams, creating security and privacy documents
- Identify process improvements and document processes, procedures, and job aides
- Develop briefing communications and other deliverables
- Train others on RMF and ATO processes
- Assist with pre-assessment preparation
Education and Years of Experience:
- Bachelors degree and 5+ years of experience. May accept an additional 4 years of experience in lieu of a degree.
- 5+ years’ experience working as an ISSO or Risk Assessor (7 years preferred) supporting the ATO functions
- Ability to self-start and discover problems and solutions for the client that were not previously identified.
- Ability to train on the ATO process as well as assist with pre-assessment preparation.
- Extensive experience working in the NIST Risk Management Framework (RMF) and implementing security controls for the NIST 800-53 Rev 4
- Experience developing ATO security documentation and templates, including but not limited to SSPs, POAMs, Contingency Plans, Scoping templates
- Ability to develop deliverables
- Excellent oral and written skills
- Ability to provide strategy and communication briefs to and management.
- Working knowledge of the cloud FedRAMP process
- Strong working proficiency of Microsoft Office Suite and other PC desktop applications (including but not limited to SharePoint, Visio, Powerpoint, Word)
- Work well with team, internal and external clients
- Provide transparency and communicate well with others including non-technical audiences
- Ability to plan, execute, and document assessment activities following established processes and procedures, with minimal guidance
- Strong attention to detail, analytical, and problem-solving skills
- Ability to synthesize and summarize complex data into concise recommendations and deliverables
- Excellent written and verbal communication skills with the ability to deliver communications in a concise, persuasive, and succinct manner
- Think logically and intuitively; Strong learning agility with the ability to learn new processes / patterns
- Bachelor’s degree with a concentration in Cybersecurity, Computer Science, Management Information Systems, Business or Engineering preferred
- Experience as a Scrum Master and knowledge in the Agile process
- Service Now experience
- NIH System Authorization Tool (NSAT) experience
- Experience supporting a federal government agency
- DOD 8570 IAT/IAM Level II certification
- Must be able to obtain a Public Trust
Physical Requirement(s): No Physical requirement needed for this position
Min. Citizenship Status Required: US Citizen
COVID Policy: Prospective and/or new employees are required to adhere with SAIC's vaccination policy. All SAIC employees must be fully vaccinated and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at Contact Us
and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC's vaccination policy.
Target salary range: $115,001 - $125,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.
We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.