Leidos' Computer Information Security Office (CISO) is seeking a Senior Principal Cybersecurity Risk Management Compliance to serve as Subject Matter Expert in this field across Leidos, reporting directly to the VP of Cybersecurity Risk Management.
In this role, you will be responsible for risk management, governance and NIST/DFARS compliance and function as a technical security and compliance subject matter expert (SME) ensuring NIST/DFARS 800–171 operational, technical, and privacy, security control implementation adherence. This may involve creating a business case and then defining the requirements using various approaches such as use cases then decomposing the requirements to a sufficient level of detail allowing the implementation team to take action.
You must be able to communicate effectively with executive leadership (internally or client) regarding matters of significant importance to the organization/project, and work to influence others to accept area’s view/current practices and agree/accept new concepts, practices and approaches.
Furthermore, you will influence development of solutions that impact strategic project/program goals and business results.
We are looking for someone with “can do” attitude, willingness and ability to embrace challenges as they arise, and the ability to engage quickly on multiple top priorities. This role will determine how Leidos IT and business functions will support NIST/DFARS compliance by analyzing and measuring the effectiveness of existing IT/IT security business processes and technologies and developing implementable and sustainable solutions.
- Responsible for translating NIST/DFARS compliance and business drivers into requirements and translating requirements into actionable tasks
- Communicate with business and technical staff
- Present conceptual representations of processes and ‘business as usual’ activities as trackable milestones
- Track and manage use cases and/or requirements across the Program Life Cycle
- Identify impacts of system changes
- Document requirements, use cases, user impact statements into deliverable work artifacts.
- Perform ongoing monitoring of compliance with NIST/DFARS 800-171 documentation requirements to provide timely detection, identification and alerting of non-compliance issues.
- Provide expertise, guidance and recommendations on developing and improving NIST/DFARS 800-171 related documents and templates including configuration management plans, incident response plans, Plan of Action amp; Milestones (POA amp;M), risk assessments, and SSP implementation statements.
- Research and evaluate new technologies and make recommendations to management on improving cybersecurity readiness/awareness.
- Master’s degree and minimum 15 years of relevant experience, or Bachelor's degree and minimum 17 years of relevant experience.
- Active Secret clearance is required
- Has expert knowledge of industry practices, advanced techniques and solutions within a professional discipline to develop new standards, processes, and solutions.
- Subject matter expertise with NIST/DFARS compliance
- Proven experience translating business drivers into requirements and translating those requirements into actionable tasks
- Excellent communication with business and technical staff
- Experience presenting conceptual representations of processes and ‘business as usual’ activities as trackable milestones
- Experience tracking and managing use cases and/or requirements from program inception to completion
- Experience with identifying impacts of system changes and documenting requirements, use cases, user impact statements into deliverable work artifacts
- Demonstrated experience as an analyst within either Enterprise Business Systems or Engineering projects
- Experience with NIST/DFARS or ISO 27001 related activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA amp;M), and training requirements.
- Experience with in applying NIST/DFARS 800-171 Risk Management principles, interpreting requirements, and developing implementation guidance.
- Experience with cyber security measures and configurations on a variety of hardware and software tools – firewalls, routers, password protections, encryption methods, Active Directory groups, LAN/WAN/WiFi, mobile devices.
- Experience implementing requirements and guidance, writing policies, procedures, guidance, standards and instructional materials.
- Experience working with cross-departmental teams to design, develop and implement NIST/DFARS 800-171 compliant solutions that meet current and future business requirements and enhance and optimize the existing security architecture
- A Master's degree in Information Systems, Information Technology, Business, or Management is preferred
- Knowledge of existing Leidos IT and CIS systems
- Ability to adapt in response to shifts in corporate direction
- Familiarity with both engineering and development projects
- Experience with PCI, PII, and HIPAA regulations and remediation.
- Security+ or CISSP Certification preferred