Cyber GRC Program Manager
Posted on: April 9, 2021
Location: AUSTIN, TX, United States
Date Posted: Mar 24, 2021
Subcategory: Cyber GRC
Shift: Day Job
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: Yes
Job Description

About SAIC

SAIC is a premier technology integrator solving our nation's most
complex modernization and readiness challenges across the defense,
space, federal civilian, and intelligence markets. Our robust
portfolio of offerings includes high-end solutions in systems
engineering and integration; enterprise IT, including cloud services;
cyber; software; advanced analytics and simulation; and training.

Position Summary

SAIC is seeking a GRC Program Manager to join our team supporting
state agencies within Texas. This position will be dedicated to a
single agency as staff augmentation and will be focused on assisting
that agency with building out a GRC program. This role requires an
experienced, motivated and collaborative approach to achieve the
desired business outcomes. The role is expected to be remote.

Job
- Collaborates with matrixed or multi-discipline teams across the
agency in security-related decision-making; consults and negotiates
with stakeholders to provide information security services to meet
customer needs with automated or business improvement solutions
consistent with agency plans, standards, and guidelines; defines
and implements new or revised methods that effectively meet agency
- Oversees the ongoing development and implementation of
information and cybersecurity policies, standards, guidelines, and
procedures to ensure information security capabilities cover
current threat capabilities.
- Lead the development and implementation of the risk management
function of the information security program to ensure information
security risks are identified and monitored.
- Perform business impact analysis and develop the risk
- Work with IT and business teams to perform security and
compliance assessments on new and existing systems, processes, and
- Recommend programmatic and technical directions and operate
with a high degree of independence in matters relating to the
investigation, impact, and analysis of security incidents,
decisions regarding risk, and measures for computer and network
- Work with Internal/External Auditor Offices and outside
consultants as appropriate on required security assessments and
audits. Coordinate and track all information technology and
security related audits including scope of audits, units involved,
timelines, auditing agencies and outcomes. Work with auditors as
appropriate to keep audit focus in scope, maintain excellent
relationships with audit entities and provide a consistent
perspective that continually puts the agency in its best light.
Provide guidance, evaluation and advocacy on audit responses.
- Consults and coordinates with other risk management
representatives to assess risk exposures and develop plans to
- Perform periodic gap assessments to validate compliance on an
- Assists in advising management and users regarding security
configurations and procedures.
- Develops and manages information security and risk management
awareness and training programs. Trains users and promotes security
- Performs cybersecurity incident detection, analysis, and
- Support vendor due-diligence process and help to lead and
define overall third-party risk management efforts.
- Work with various business units to ensure security controls
are adequate, appropriate, and effective.
- Interacts in both oral and written communications with all
levels of System staff including; IT staff, developers, executive
staff, general counsel, auditors, as well as technology vendors and
contractors, in matters related to information security and
security awareness materials.
- Stay up to date and informed on developing regulatory concerns
and changing IT and information security trends to include IRS Pub
1075, CJIS, HIPAA, and various NIST publications (e.g., SP 800-53).
- Responsible for preventing data loss and service interruptions
by researching new technologies to effectively protect the agency
- Creation and maintenance of incident response playbooks and
runbooks aligning with industry best practices and cybersecurity
- Document, prioritize, recommend, and report on vulnerability
mitigation and security enhancement actions and plans.
- Identify and communicate current and emerging security
- Assist with the rollout of new security technologies and the
training of security team members.
- Provides training and knowledge transfer to Full Time Employee
(FTE) staff on information security procedures. Assists in the
organization and delivery of training, as needed, for all employees
regarding company security and information safeguarding.
- Perform other duties as assigned.

Qualifications

Required:
- Education: Bachelor's from an accredited four-year college or
university with major coursework in information technology
security, computer information systems, computer science,
management information systems, cybersecurity or a related field is
generally preferred; experience in the following (or closely
related) fields may be substituted for the required education on a
year-for-year basis: cybersecurity, information technology
security, computer information systems, computer science,
management information systems; may substitute an advanced degree
in a related field for two of the required years of experience;
Master's Degree highly desired.
- Ability to share meaningful insights about the context of an
organization's threat environment that improve its risk management
- Ability to establish and always maintain effective and
professional working relationships with others in the course and
scope of conducting business.
- Ability to resolve complex security issues in diverse and
decentralized environments; to learn, communicate, and teach new
information and security technologies; and to communicate
- Ability to gather, assemble, correlate, and analyze facts; to
devise solutions to problems; to market the security program; to
prepare reports; to develop, evaluate, and interpret policies and
procedures; to communicate effectively; and to provide guidance to
- Ability to operate with a high degree of independence regarding
project management activities, including development of project
plans and budget/resource estimates.
- Assists in developing program policies, procedures, standards,
and manuals in accordance with program objectives and goals.
- Conducts risk assessments, testing, threat analyses and audits
of computer systems, IT infrastructure and security processes;
recommends system and procedural changes to avoid security
breaches; Supports ongoing compliance activities by researching and
evaluating security policies and practices, industry standards and
regulations. Conduct frequent testing of simulated cyber-attacks to
look for vulnerabilities in the computer systems and take care of
these before an outside cyber-attack. Work with technology and
business teams to develop and document risk mitigation action
plans, along with recommendations to reduce information security
risk within their areas.
- Certified Information Systems Security Professional (CISSP) or
equivalent (e.g., Certified Information Security Manager
- Experience in the creation and roll-out of enterprise-wide
security awareness and training programs to educate the workforce
on security awareness best practices; a plus is experience with
- Knowledge of software development life cycle methodologies,
including SAST and DAST tools for secure application development
as part of DevSecOps. Ensure effective coverage of application
vulnerability methods including static and dynamic code analysis,
application testing, and penetration testing.
- Develops and recommends plans to safeguard computer
configurations and data files against accidental or unauthorized
modification, destruction, or disclosure and to meet emergency data
processing needs. Work with stakeholders to ensure disaster
recovery plans are up to date and meet compliance standards.
- Experience with information system security management,
information security, troubleshooting, information systems, quality
assurance and control, SQL, network security, cyber threat
- Experience building and working with Incident Response
Playbooks aligned with industry best practices and cybersecurity
toolsets as well as analyzing, reporting, and remediating advanced
threats to the network.

Preferred:
- Experience conducting and managing audits and assessments.
- Significant knowledge and experience with any of the federal
and state legal, privacy, and regulatory compliance standards such
as HITRUST, HIPAA, ISO27001, SOC2, FedRAMP, PCI-DSS, GDPR, CCPA,
IRS Safeguards Program, FERPA, CJIS, TAC202, etc. compliance.
- Demonstrated experience in identifying the root cause of an
incident and recognizing the key elements to investigate in order
to get to the root cause of an incident.
- Skill in creating and conducting trainings and providing
guidance to staff in the development and integration of new or
revised methods and procedures.
- Knowledge of configuration management, change control/problem
management integration, risk assessment and acceptance, exception
management and security baselines (e.g. CIS Baselines, NIST, vendor
security technical implementation guides, etc.)
- Experience with IT GRC/IRM platforms (ServiceNow, OneTrust,
MetricStream, Galvanize, RSA Archer, etc.).
- Experience working with security management tools (e.g.,
vulnerability scanners, file integrity monitoring, configuration
monitoring, etc.), network monitoring, malware, data loss prevention
technologies, and perimeter technologies (e.g., routers, firewalls,
web proxies and intrusion prevention, endpoint detection and response
- Experience reviewing third-party contracts for cyber and
information security compliance.
- Managing and supporting user facing security technologies (MDM,
Endpoint Security Technologies, E-mail Security Gateways, SIEM,
DLP, CASB, and Authentication).
- Develop, configure, document, maintain, and utilize enterprise
security tools to identify, alert on, and respond to security alerts
and events in order to maintain the security of our data
- Review alerts and data collected from data security systems on
a daily basis and report findings. Must have extensive experience
with Security Information and Event Management (SIEM) tools to
include management of dashboards and security tool
- Familiarity with cloud computing, including the risks and
benefits of using a vendor's remote servers to store, manage and
process an organization's data.
- Analysis experience and operational understanding of network
equipment, network services, and network/system monitoring
- Analysis experience and operational understanding of one or
more major operating systems (Microsoft Windows, Linux, or
- Desired Certifications: Certified Information Systems Security
Professional (CISSP); Certified Information Security Manager
(CISM); Certified Ethical Hacker (CEH); Security Certified
Professional (OSCP); Cybersecurity vendor related trainings and
certifications

Two or more of the following certifications or
- Certified Information Systems Auditor (CISA)
- Certification and Analysis Professional (CAP)
- Systems Security Certified Practitioner (SSCP)
- Certified in the Governance of Enterprise Information
- Certified Information Privacy Professional (4 different
versions CIPP IT, CIPP Government and CIPP Canada and only
- Global Information Assurance Certification Certified Incident
- SANS GIAC: "Intrusion Prevention", "Incident Handling",
"Vulnerability Assessment", "Forensics", "Risk Management", or "IT
Target salary range: $150,001 - $175,000. The estimate displayed
represents the typical salary range for this position based on
experience and other factors.
Overview

SAIC is a premier technology integrator solving our nation's
modernization and readiness challenges. Our offerings across
defense, space, civilian, and intelligence markets include high-end
solutions in engineering, IT, and mission outcomes. We integrate the
best components from our portfolio with our partners' ecosystem to
deliver innovative and effective solutions. We are 25,500 strong;
driven by mission, united by purpose, and inspired by opportunities.
Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1
billion. For information, visit saic.com or Working at SAIC for
benefits details.

SAIC is an Equal Opportunity Employer empowering people no matter
their race, color, religion, sex, gender identity, sexual
orientation, national origin, disability, or veteran status. We
strive to create a diverse, inclusive and respectful work culture
that values all. During this time, SAIC continues to hire key talent.
As we adopt new ways of supporting our business and customers, our
company has implemented various flexwork options, as well as virtual
hiring processes and online events in compliance with social
distancing guidelines. These virtual strategies protect our existing
and future team members, while enabling us to keep the security and
defense of our nation in focus.