CYBER GOVERNANCE RISK COMPLIANCE (GRC) ANALYST
SAIC is seeking a Cyber Governance, Risk, and Compliance (GRC) Analyst to work at the Naval Undersea Warfare Center side by side with the government customer in Newport, Rhode Island.
The candidate will work on a small team to assess gaps in practices and controls against relevant standards, compliance requirements, and business policies and develop recommendations to close identified gaps. This individual will prepare clients for audits by reviewing and modifying documentation as well as conducting on-site audits of client laboratories. Successful candidates should have relevant experience in the information security field and the curiosity, drive, and skills to excel in interpreting and implementing standards, compliance programs and frameworks, managing client relationships and delivering consulting engagements.
- Perform audit and security compliance checks throughout the organization’s labs.
- Assist in developing policies and procedures for the NUWCDIVNPT and its associated detachments.
- Administer information assurance (IA) and risk management to protect organizational data, networks, and information systems from unauthorized access.
- Administer the documentation, testing, validation, and accreditation processes necessary to ensure systems meet the security and privacy requirements for RMF.
- Support the continuous monitoring program as necessary when Information System Continuous Monitoring (ISCM) results will be used to support continuing authorization requirements or ongoing authorizations.
- Responsible for cybersecurity planning and for coordinating various privacy policies, compliance artifacts and standards supporting the DoD Risk Management Framework (RMF).
Bachelor's degree and two (2) years of experience; four (4) years of experience accepted in lieu of degree.
- Experience working with Cyber Security Frameworks (NIST, ISO, etc.).
- Experience participating in or leading audits.
- Experience in developing information security policies, procedures, standards and guidelines.
Must have an active DoD IAT Level II Certification (CompTIA Security+ or equivalent).
- DoD 8570 IAT Level III or CSSP Auditor Certified is preferred (CISSP, CySA+, CISA, CCNP Security, GCIH, etc.).
- Navy Qualified Validator Certification
Must have an active Secret Clearance prior to start of employment; US Citizenship required.