5+ years of experience
Employment Type:
Full time
Job Category:
Information Services
Cyber Sec Analyst, Principal - Governance Policy & Training (ITO) Job
SAIC | Orlando, Florida
Job Description

Cyber Sec Analyst, Principal - Governance Policy & Training (ITO) (Job Number:428619)


Job Description:

- The Principal Cyber Security IT Governance, Policy & Training Security Analyst reports to the Information Technology Office (ITO) GRC Cyber Security Manager / Director within the Cyber Assurance (CA) Directorate's Governance, Risk and Compliance (GRC) division and under the strategic leadership of Corporate CISO and Corporate Governance Policy, and Office of Security offices.
- The position exercises significant judgment in working with IT teams within the environment.
- The analyst serves as the Cyber Security point of contact for the SAIC Security Policy, Instructions and Guidance tree: policy development, publication, maintenance, distribution, communication, and training & awareness in support of the SAIC Enterprise-wide IT portfolio of projects, Service Lines, Customer Groups and Supplier Security activities, and Security consultation with regard to alignment, adherence and governance of company policies and security best practices.
- This role is primarily internal, with some externally facing activities within the corporate matrix. The selectee must be able to interface successfully with key officials throughout the company, such as internal ITO VPs, Directors and POMS, other ITO Directorate and SL leadership, Principals, and their respective teams.
- In addition to primary responsibilities identified below, the Principal Cyber Security IT Governance, Policy & Training Analyst will serve as a subject matter expert for communication and consultation of all SAIC IT Security Policies, Instructions and Guidance to ensure employees, suppliers, and customers are aware and understand the SAIC promulgation and translation of a layman's working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, ISO 27001&27002, ITIL, SOX, and DFARS/FARS).
- This includes: Applications and Systems Development Security, Security Management Practices, Access Control, Security Architecture and Modeling, Telecommunications, Network Security, Cryptography (PKI), Operations Security, and Physical Security Controls, etc.

Primary Responsibilities:

- The successful candidate will be working on the ITO Cyber Assurance Security GRC team and with multiple other ITO, Office of Security (OOS), Corporate Policy & Governance, Corporate Communications and Chief Privacy Office teams in the review and analysis of SAIC Policy/Instruction/Guidance for National Institute of Standards and Technology (NIST) based security control design, execution, monitoring and tracking of System Security Plan (SSP) policy procedural responses, noncompliance mitigations and associated POA&M remediation steps/plans for all Information Security requirements and IT GRC functions.
- Some of the ITO CA GRC Division major functions requiring supporting Policy, Instructions, Guidance and Awareness Training analysis/evaluation, delivery and governance will include, but are not limited to:
  - Device Management/BYOD
  - Privileged Account Management Program
  - System Security Plans (SSPs)
  - Technology, Vendor and Software Risk Assessment Program
  - ISSM/ISSO Program
  - Vulnerability Management Program
  - DFARS Compliance, etc.
- Selectee must be able to work in a highly matrixed delivery model through quality communications and influence.
- Selectee must take guidance, and execute assignments to track processes, technology, services and software and prepare IA and Risk Assessment deliverables under the guidance of GRC Sec Director and CISO for approval.
- Selectee will be responsible for collaboration with all aspects of security ITO CA teams within his/her directorate and across other ITO Directorates.
- Selectee must be able to communicate with and support ITO CA teams in the development of aligned security policy, the identification of policy gaps, and the execution of governance & policy risk assessments and reviews as required.
- Perform Policy consultation, evaluation and communication of Service Line / CG service requests.

Required Skills:

- Develop and deliver quality Security Policy, Instructions, and Guidance risk assessment reports.
- This requires in-depth working experience with Information Security Risk Assessment using an industry-standard approach.
  - Experience or training in IA governance, Policy and Awareness frameworks and Information Security program Security Plans, STIGs, Center for Internet Security baselines for networking OSes, application and database components, and specifically the NIST standards for the Cyber Security Framework, Risk Management and Security Plan frameworks.
  - Experience in the use of ServiceNow, and MS Word, Excel, PowerPoint and SharePoint.
  - Excellent written and oral communication skills.
- Produce the following quality Security Awareness periodic content, publications and training deliverables for SAIC senior business leadership, employees:
- Written reports and verbal presentations.
- Present security guidance recommendations for complex programs & sourcing decisions.
- Perform Security Policy and guidance system security evaluations on suppliers and vendor products by following prescribed security standards criteria.
- Provide security guidance input to regularly scheduled platform and project-specific meetings.
- Produce quality gap-analysis of System Security Plans (SSPs) and risk assessment reports.
- Overall assistance in defining security policy requirements and strategies for information management system and network architecture design, optimization, and solution delivery.
- Assist platform owners and design teams in applying the necessary security controls to mitigate associated risks.
- Function as a technical functional analyst who can navigate and communicate effectively with both technical and engineering teams and is at ease with business function leads.
- Assist in evaluating third-party supplier security policy and controls, third-party relationship management policy audits, and Security outsourcing governance background.
- Ensure appropriate security guidance is provisioned and updated during varying phases of Software Development Life Cycle.
- Review business requirements and document security requirements for the information systems security guidance.
- Ensure system changes and updates remain ITO security policy compliant.
- Ensure security standards are applied from design to UAT.
- Assist in conducting on-site physical security assessments.
- Conduct security risk assessment of supplier (3rd party vendors) Security Programs and Policy and provide recommendations for improving the vendor assessment process. Support all facets of the vendor security program, including the evaluation of vendors, development of recommendations to improve security and mitigate security risks.
- US Citizen and able to obtain a SECRET clearance.


- Bachelor's Degree in Information Systems, Computer Science, Information Security or related IT field.
- 8-10 years relevant risk assessment, information security / analytical experience.
- Professional Security Industry Certifications such as CISSP, CCNA, CCIE or other relevant industry certifications from accrediting bodies such as the DoD, ISC2, ISACA, SANS or CompTIA.
- Experience acting as a Subject Matter Expert or team lead providing guidance to others.
- Strong communication skills; the person in this role must be able to communicate successfully with management personnel, technical personnel and third parties.
- Possess strong technical writing, verbal and presentation skills especially with communicating to PMOs / senior management.
- Expertise with the NIST and ISO 27000 series, particularly NIST SP 800-53, -30 and -18, NIST SP 800-171 r1, and ISO 27001/2.
- Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, ISO 27001&27002, ITIL, SOX, and DFARS/FARS).
- This includes: Applications and Systems Development Security, Security Management Practices, Access Control, Security Architecture and Modeling, Telecommunications, Network Security, Cryptography (PKI), Operations Security, and Physical Security Controls
- Proven ability to work with cross-functional teams.
- Self-starter, individual contributor; must perform with limited or no supervision.
- Possesses proven initiative and developed listening skills.
- Demonstrate timely task completion involving solid organizational skills, task tracking, follow-up, and productive peer interaction.
- US Citizen and able to obtain a SECRET Clearance.

Desired Qualifications:

- Experience with Data security / Classification and Data Centric Architecture Policy and Guidance.
- Experience with Security Policy, Procedure, Plan & Guidance development tools and automation.
- Demonstrated success leading and conducting senior-level security policy risk analysis and modeling involving system decomposition, threat and vulnerability discovery and mitigation.
- Provide feedback on internal processes required to help train and mentor other professionals as needed.
- Work experience with a Secure Development Life Cycle and in a mature risk management team with a proven risk assessment methodology.
- Specifically, Policy

SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.

EOE AA M/F/Vet/Disability

Job Posting: Jun 22, 2017, 11:27:00 AM
Primary Location: United States-FL-ORLANDO
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: Secret
Potential for Teleworking: No
Travel: Yes, 10% of the time
Shift: Day Job
Schedule: Full-time

This company profile was created by AfterCollege and is about SAIC. This page is not endorsed by or affiliated with SAIC. For questions regarding company profiles, please email: care@aftercollege.com.