Senior IT Risk and Compliance Specialist Senior
About the position

Responsibilities
• Manage and/or maintain the security posture and authorization lifecycle for multiple cloud and on-premises information systems.
• Collaborate with stakeholders to obtain the information necessary for continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and supporting the SCA/ISSM during security control assessments.
• Develop, maintain, and update security documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and network architectures.
• Collaborate with stakeholders to develop program/project cyber policies.
• Familiarity with NIST 800 series documentation (NIST 800-171, GD and GDIT cybersecurity policies) and hardening guidance from vendors and US Government clients.
• Possess the ability to interpret vulnerability scan reports, coordinate with program stakeholders to drive remediation actions to closure, and develop presentations and brief findings as needed.
• Support incident response, contingency planning, and disaster recovery efforts as needed by the program and stakeholders.
• Serve as the program ISSO and represent the interests of the system owners, developers, and administrators.
• Interface with auditors and assessors during security control assessments and authorization events.
• Facilitate and collaborate with data owners, system owners, authorizing officials, and technical teams to prepare, implement, and monitor privacy and security controls in accordance with organizational risk policy.
• Ensure compliance with applicable GDIT requirements and policies.
• Maintain cyber compliance processes, procedures, and standards.
• Collaborate with stakeholders to design and implement security controls for new and existing systems and lab environments.
• Maintain and update security documentation, including System Security Plans (SSPs), architecture diagrams, Plans of Action and Milestones (POA&Ms), and other AO/AODR-required documents.
• Support security assessments and audits as a key stakeholder during the SCA/ISSM's evaluation of the security controls.
• Review vulnerability and compliance scan reports, and other relevant security reports and alerts, for assigned systems.
• Support incident response activities, including investigation, containment, and recovery efforts, and annual incident response testing.

Requirements
• Minimum of 3+ years of experience serving as an ISSO at either the corporate or program level, with a basic understanding of ISSO duties and responsibilities and awareness of GRC tools (eMASS or XACTA).
• Experience supporting security projects as well as delivering and supporting customer security requirements.
• Comprehension of change and configuration management and security impact analysis.
• Excellent problem-solving, analytical, and communication skills.
• Ability to collaborate effectively across multi-functional teams.
• Experience communicating and presenting technical solutions and status to executives, key stakeholders, and decision makers.
• Familiarity with security tools and technologies (e.g., firewalls, VPNs, SIEM, endpoint protection, vulnerability & compliance scanning, identity & access management).
• Ability to develop network architectures, or follow templated examples, in order to properly document a network architecture.
• Knowledge of IT risk management frameworks and regulatory requirements (e.g., NIST 800-171, ISO 27001).
• Knowledge of security and privacy controls (e.g., CIS Level 2, DISA STIG).
• Knowledge of the DoD security authorization process.
• Knowledge of security auditing practices, procedures, and associated processes.

Nice-to-haves
• Proven track record of successfully managing large-scale IT risk and compliance programs.
• Relevant certifications such as IAT Level II/8570/8140; Security+ CE preferred.
• Experience with Microsoft Office products, Adobe Pro, Visio, JIRA, ServiceNow.
• Experience in a government
• Familiarity with cloud security best practices and technologies.
• Must be clearable up to Top Secret.
• Bachelor's degree in computer science, information technology, information/cyber security, or a related field.

Benefits
• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre- and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, and paid parental, military, bereavement, and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short- and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance are provided or available.
• We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.