AustinRecruiter Since 2001
the smart solution for Austin jobs

Cyber GRC Program Manager

Company: SAIC
Location: Austin
Posted on: April 9, 2021

Job Description:

Job ID: 214484
Location: AUSTIN, TX, United States
Date Posted: Mar 24, 2021
Category: Cyber
Subcategory: Cyber GRC
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: None
Potential for Remote Work: Yes
About SAIC

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training.

Position Summary

SAIC is seeking a GRC Program Manager to join our team supporting state agencies within Texas. This position will be dedicated to a single agency as staff augmentation and will be focused on assisting that agency with building out a GRC program. This role requires an experienced, motivated and collaborative approach to achieve the desired business outcomes. The role is expected to be remote.

Job responsibilities include:

  • Collaborates with matrixed or multi-discipline teams across the agency in security-related decision-making; consults and negotiates with stakeholders to provide information security services to meet customer needs with automated or business improvement solutions consistent with agency plans, standards, and guidelines; defines and implements new or revised methods that effectively meet agency needs.
  • Oversees the ongoing development and implementation of information and cybersecurity policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.
  • Lead the development and implementation of the risk management function of the information security program to ensure information security risks are identified and monitored.
  • Perform business impact analysis and develop the risk register.
  • Work with IT and business teams to perform security and compliance assessments on new and existing systems, processes, and technology.
  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
  • Work with Internal/External Auditor Offices and outside consultants as appropriate on required security assessments and audits. Coordinate and track all information technology and security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the agency in its best light. Provide guidance, evaluation and advocacy on audit responses.
  • Consults and coordinates with other risk management representatives to assess risk exposures and develop plans to mitigate risks.
  • Perform periodic gap assessments to validate compliance on an ongoing basis.
  • Assists in advising management and users regarding security configurations and procedures.
  • Develops and manages information security and risk management awareness and training programs. Trains users and promotes security awareness.
  • Performs cybersecurity incident detection, analysis, and prevention.
  • Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
  • Work with various business units to ensure security controls are adequate, appropriate, and effective.
  • Interacts in both oral and written communications with all levels of System staff, including IT staff, developers, executive staff, general counsel, and auditors, as well as technology vendors and contractors, in matters related to information security and security awareness materials.
  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends to include IRS pub 1075, CJIS, HIPAA, and various NIST pubs (i.e. 800-53).
  • Responsible for preventing data loss and service interruptions by researching new technologies to effectively protect the agency network.
  • Creation and maintenance of incident response playbooks and runbooks aligning with industry best practices and cybersecurity toolsets.
  • Document, prioritize, recommend, and report on vulnerability mitigation and security enhancement actions and plans.
  • Identify and communicate current and emerging security threats.
  • Assist with the rollout of new security technologies and the training of security team members.
  • Provides training and knowledge transfer to Full Time Employee (FTE) staff on information security procedures. Assists in the organization and delivery of training, as needed, for all employees regarding company security and information safeguarding.
  • Perform other duties as assigned.

Qualifications

Required:
  • Education: Bachelor's from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, cybersecurity or a related field is generally preferred; experience in the following (or closely related) fields may be substituted for the required education on a year-for-year basis: cybersecurity, information technology security, computer information systems, computer science, management information systems; may substitute an advanced degree in a related field for two of the required years of experience; Master's Degree highly desired.
  • Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
  • Ability to establish and always maintain effective and professional working relationships with others in the course and scope of conducting business.
  • Ability to resolve complex security issues in diverse and decentralized environments; to learn, communicate, and teach new information and security technologies; and to communicate effectively.
  • Ability to gather, assemble, correlate, and analyze facts; to devise solutions to problems; to market the security program; to prepare reports; to develop, evaluate, and interpret policies and procedures; to communicate effectively; and to provide guidance to others.
  • Ability to operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates.
  • Assists in developing program policies, procedures, standards, and manuals in accordance with program objectives and goals.
  • Conducts risk assessments, testing, threat analyses and audits of computer systems, IT infrastructure and security processes; recommends system and procedural changes to avoid security breaches; supports ongoing compliance activities by researching and evaluating security policies and practices, industry standards and regulations. Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack. Work with technology and business teams to develop and document risk mitigation action plans, along with recommendations to reduce information security risk within their areas.
  • Certified Information Security Systems Professional (CISSP) or equivalent (i.e. Certified Information Security Manager (CISM))
  • Experience in the creation and roll-out of enterprise-wide security awareness and training programs to educate the workforce on security awareness best practices; a plus is experience with phishing simulators
  • Knowledge of software development life cycle methodologies to include SAST and DAST tools for secure application development as part of DevSecOps. Ensure effective coverage of application vulnerability methods including static and dynamic code analysis, application testing, and penetration testing.
  • Develops and recommends plans to safeguard computer configurations and data files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs. Work with stakeholders to ensure disaster recovery plans are up to date and meet compliance standards.
  • Experience with information system security management, information security, troubleshooting, information systems, quality assurance and control, SQL, network security, cyber threat modeling
  • Experience building and working with Incident Response Playbooks aligned with industry best practices and cybersecurity toolsets as well as analyzing, reporting, and remediating advanced threats to the network.

Preferred:
  • Experience conducting and managing audits and assessments.
  • Significant knowledge and experience with any of the federal and state legal, privacy, and regulatory compliance standards such as HITRUST, HIPAA, ISO27001, SOC2, FedRAMP, PCI-DSS, GDPR, CCPA, IRS Safeguards Program, FERPA, CJIS, TAC202, etc.
  • Demonstrated experience in identifying the root cause of an incident and recognizing the key elements to investigate to get to the root cause of an incident
  • Skill in creating and conducting trainings and providing guidance to staff in the development and integration of new or revised methods and procedures.
  • Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
  • Experience with IT GRC/IRM platforms (ServiceNow, OneTrust, MetricStream, Galvanize, RSA Archer, etc.).
  • Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.), network monitoring, malware, data loss prevention technologies and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, endpoint detection response etc.).
  • Experience reviewing third-party contracts for cyber and information security compliance.
  • Managing and supporting user facing security technologies (MDM, Endpoint Security Technologies, E-mail Security Gateways, SIEM, DLP, CASB, and Authentication).
  • Develop, configure, document, maintain, and utilize enterprise security tools to identify, alert, and respond to security alerts and events in order to maintain the security of our data systems.
  • Review alerts and data collected from data security systems on a daily basis and report findings. Must have extensive experience with Security Information and Event Management (SIEM) tools to include management of dashboards and security tool integrations.
  • Familiarization with cloud computing to include the risks and benefits of using a vendor's remote servers to store, manage and process an organization's data.
  • Analysis experience and operational understanding of network equipment, network services, and network/system monitoring tools
  • Analysis experience and operational understanding of one or more major operating systems (Microsoft Windows, Linux, or Mac)
  • Desired Certifications: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified Ethical Hacker (CEH); Security Certified Professional (OSCP); Cybersecurity vendor related trainings and certifications
  • Two or more of the following certifications or trainings:
    • Certified Information Systems Auditor (CISA)
    • Certification and Analysis Professional (CAP)
    • Systems Security Certified Practitioner (SSCP)
    • Certified in the Governance of Enterprise Information Technology (CGEIT)
    • Certified Information Privacy Professional (4 different versions CIPP IT, CIPP Government and CIPP Canada and only CIPP)
    • Global Information Assurance Certification Certified Incident Handler (GCIH)
    • SANS GIAC: "Intrusion Prevention", "Incident Handling", "Vulnerability Assessment", "Forensics", "Risk Management", or "IT Auditor"

Target salary range: $150,001 - $175,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.


Overview

SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details.

SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.

During this time, SAIC continues to hire key talent. As we adopt new ways of supporting our business and customers, our company has implemented various flexwork options, as well as virtual hiring processes and online events in compliance with social distancing guidelines. These virtual strategies protect our existing and future team members, while enabling us to keep the security and defense of our nation in focus.
