Description
The SAIC Governance, Risk, Compliance and Business Resilience team is looking for a motivated and flexible candidate to fill a Senior Cybersecurity Compliance Analyst role. The primary focus for this position will be maintaining cybersecurity compliance posture as it relates to regulatory and standards compliance impacting defense industrial base companies.
Responsibilities:
Review and understand applicable regulations and standards including but not limited to NIST SP 800-171, DOD Cybersecurity Maturity Model Certification (CMMC), ISO 27001, and ISO 20000.
Assess compliance of the enterprise network environment to applicable standards and regulations, to include hybrid on-premises and cloud environments.
Analyze applicable regulations and standards to facilitate implementation of controls with both technical and non-technical subject matter experts (SMEs).
Review and provide feedback on applicable new or changing regulations and standards for impacts to the company's compliance posture, including but not limited to internal stakeholders and external industry working groups.
Document controls implementation narratives.
Gather and maintain evidence of controls implementation consistent with implementation narratives.
Coordinate third-party audit and assessment activities related to regulatory and standards control compliance including evidence gathering, SME preparation, and scheduling.
Develop, disseminate, and maintain documentation related to cybersecurity compliance processes, including but not limited to continuous controls monitoring for regulatory and standards compliance.
Work closely with internal audit teams to validate implementation of compliance controls.
Conduct reviews of System Security Plans (SSPs) for compliance with applicable regulations and standards.
Engage with internal SMEs to implement controls and address control deficiencies where necessary related regulations and standards.
Research, evaluate, and recommend solutions to address control deficiencies and identify areas for controls improvement.
Support additional tasks related to governance, risk, and compliance activities as needed.
Qualifications
Education and Experience Requirements
Citizenship and Certification Requirements:
Must be a US Citizen.
Must possess one of the following active certifications: CISSP, CISA, or CAP.
Skills and Experience:
Ability to effectively communicate business risk as it relates to cybersecurity compliance.
Direct experience implementing/maintaining compliance to one of the following: ISO 27001, ISO 20000, NIST SP 800-53, NIST SP 800-171, DOD CMMC.
Strong written and verbal communication skills.
Ability to work independently on assigned tasks as well as with cross-functional groups.
Ability to self-assign tasks within assigned responsibilities without direct supervision and report on status of tasks.
Strong attention to detail is critical.
Strong time management and project management skills.
Preferred Qualifications
Strong written documentation skills.
Direct experience implementing/maintaining compliance to ISO 27001 and NIST SP 800-171.
Experience developing and maintain SSPs against NIST SP 800-171.
Experience working with DOD unclassified standards and requirements.
Experience working with requirements for securing Controlled Unclassified Information (CUI).
Experience implementing NIST Cybersecurity Framework (CSF).
Experience using ServiceNow Continuous Authorization and Monitoring module.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site. REQNUMBER: 2409580
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability
