The Senior BE Cyber Technical Security Analyst
will work in a collaborative effort with the Cyber Security organization, IT, and business units to assure operational and system security, risk, and technical controls are processed within Service management SLAs and in compliance with risk -based security decisions when the business has alternative requirements.
SAIC's Information Technology Office (ITO) CyberSecurity Directorate is managed by SAIC's Chief Information Security Officer (CISO) who relies upon the BE Senior Manager and the BE Cyber Security Principal Analysts to adjudicate alternative risk and secure solutions deliver IT services to employees as a productivity enabler, to functional groups for business process enablement, and to the SAIC Customer and Service Groups in fulfillment of contracted requirements on behalf of the CISO and SAIC. All Cyber Security IT services rendered by ITO CS must be aligned with the strategic goals established by SAIC executive leadership and must not adversely affect the SAIC security posture unless exceptions, and risk are documented, and communicated as a matter of record to the business and the CISO to:
1. Ensure that IT services are secure reliable, delivered within competitive cost metrics, and value-driven to enable SAIC's business growth.
2. Align enterprise security policy and services with the business model and market portfolio requirements
Working for the Cyber Security department, the Senior BE Technical Cyber Security Risk Analyst, functions as a highly skilled internal control and risk consultant responsible for lead processing of all service request tickets, EULAs, PARIS, MIM, internal privacy, security, risk and IT based risk assessments and exceptions. In this position, you will be responsible for auditing systems, analyzing all service request and exceptions and evaluating, documenting and tracking all risks to published security controls and procedures. You will also complete IT security and compliance assessments for each request and evaluate ITO, Business POMs and vendor responses to compensating / mitigating and asserted compliance ticketing and questionnaire responses. Responsibilities
- Owns and manages the ServiceNow ticket queue for URL Unblocks, Firewall Provisioning, Policy Exception, Electronic Circuit and other eGRC Application, for service management ticket processing reporting and document retention
- Perform comprehensive risk assessments and analysis over IT processes sufficient to scope security audits across the organization. .
- Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related regulations
- Design and execute walkthroughs and tests of effectiveness over controls in the entity, business units, IT, applications, and infrastructure, in support of various audits (e.g., NIST 800-171, NIST 800-53, ISO 27001, internal audits).Brief management and control owners on results of analysis and reviews and provide recommendations. Follow up on management corrective actions.
- Collaborate with departments to improve security compliance, manage risk and bolster effectiveness. Develop "best practice" recommendations to improve security on all levels.
- Manage/ multiple projects and responsibilities effectively and provide meaningful and timely feedback to leadership on issues and progress of solutions.
- Learn, stay abreast of, and apply applicable standards, frameworks, and interpretative guidance (e.g., attestation and auditing standards, DFARS, NIST CSF, COSO, ISO.
- Determines customized approach to cybersecurity evaluation (audit program).
- Provides timely status updates and reports. Ensure escalation of potential issues, findings and risks, and actively seeks clarification.
- Coordinate with external and internal business customer service request to coordinate and complete risk assessment and remediation /compensating control alternatives / exceptions and the review of findings on compliance reviews
- BS in IT or equivalent college degree or operational background.
- Ability to effectively communicate at all levels, both verbal and written, with internal stakeholders, external government agencies and 3rd Party vendors and customers.
- Demonstrated experience with regulatory and legal requirements (e.g.: SOX, DFARS, ISO/IEC standards, etc.).
- Knowledge of security & risk frameworks, standards and best practices (i.e. COSO, COBIT, GITC, CMM, NIST, ISO, etc.).
- Professional Certifications a plus (e.g. CISA, CISM, CRISC, or CISSP) Experience or training in the IA governance, technical hardening and / or accreditation & certification frameworks and Information Security program Security Plans, STIGS, Center Internet Security baselines for Networking,OSes, Application and Database components, NIST standards for Risk Management and Cybersecurity frameworks specifically
- Experience in the use of Service Now or service request ticketing systems, and MS Word, Excel, Power Point and SharePoint,
- Experience using eGRC, SEIM, and Vulnerability Scanning tools
- Excellent written and oral communication skills
- Must be able to obtain a Secret security clearance
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability