Description
SAIC is seeking a Cybersecurity Risk Manager to join the Governance, Risk and Compliance (GRC) Team. This position may be remote anywhere in the US for the right candidate.
The Cybersecurity Risk Manager will work closely with the technical process teams to facilitate application and system risk assessments, coordinate remediation efforts, assist with creating mitigation plans, validate control effectiveness, and track remediation efforts to completion. The position will also be a key cybersecurity role in the continuous improvement of SAIC's Cybersecurity Risk Management Program.
Responsibilities include:
Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
Perform application risk assessments/reassessment tasks.
Perform technical system/infrastructure risk assessments/reassessment tasks.
Monitor, track, and report assessment results for risk owners, and escalate risks to Senior Leadership.
Perform vendor risk assessment/reassessment tasks.
Develop mitigation and corrective action plans with application/system owners.
Define and meet SLA expectations for assessments/reassessments.
Communicate and collaborate with internal teams, stakeholders, and leadership.
Assist in the continuous improvement and maturity of the organization's overall cyber risk management framework, program, processes, and tools.
Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
Assist with maintenance of the GRC tool used by the team.
Assist with tracking and remediation of penetration test results.
Assist with tracking and remediation of vulnerabilities.
Provide 2nd line of defense support for technical process teams.
Recommend appropriate policy, standards, process, and procedural updates as part of comprehensive remediation solutions.
Develop and provide key risk metrics for the cybersecurity risk management program.
Develop and maintain documentation in support of audit reviews.
Develop and maintain documentation in support of the cybersecurity risk management program.
Qualifications
Required Skills:
Bachelor's degree in Information Technology or similar discipline with 14+ years of experience, or Master's Degree with 12+ years of experience, or a PhD or JP and 9+ years of experience. An additional 4+ years of experience may be considered in lieu of a degree.
Must be a US Citizen.
Previous governance, risk, compliance experience in the IT field.
Previous supply chain risk management experience.
Previous vendor management experience.
Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, NIST 800-53, NIST 800-37, and ISO 27001 standards).
Ability to analyze complex information and make/defend independent judgements.
Strong oral and written communication skills and ability to transform technical knowledge into business language (e.g., reports, presentations, etc.).
Ability to work independently and strategically.
Ability to effectively collaborate and negotiate with diverse stakeholders to meet mission needs.
Ability to manage and prioritize multiple tasks and external dependencies to ensure deadlines are met.
Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
Certifications such as CISA, CISSP, CISM, or Security+.
Desired Skills:
Working knowledge of ServiceNow and/or other GRC tools.
Working knowledge of security tools for vulnerability scanning, DLP, endpoint protection, etc.
Technical proficiency in Cybersecurity.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site. REQNUMBER: 2401787
SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united by purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability