General Dynamics Information Technology

IT Risk and Compliance Specialist Senior Principal

General Dynamics Information Technology, Prairie Home, Missouri, United States


Overview

Transform technology into opportunity as an IT Risk and Compliance Specialist Senior Principal with GDIT. A career in enterprise IT means connecting and enhancing the systems that matter most. GDIT's Technology Shared Services (TSS), Governance, Risk, and Compliance (GRC) team provides services across programs to ensure the confidentiality, integrity, and availability of information systems while supporting compliance with applicable regulations and standards. The role requires independently managing the full Risk Management Framework (RMF) lifecycle for multiple systems concurrently in a dynamic, high-tempo environment, applying deep expertise in risk management and regulatory compliance to protect critical information assets.

Responsibilities

- Manage the security posture and authorization lifecycle for multiple cloud and on-premises information systems.
- Conduct continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and security control assessments.
- Develop, maintain, and update security documentation: System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports (RARs).
- Periodically assess risk to organizational operations and assets in accordance with risk management policies.
- Monitor emerging security threats and technology advancements to implement process and tool improvements.
- Ensure system compliance with NIST Special Publications, FedRAMP, DISA STIGs, and CIS Benchmarks.
- Assess and mitigate vulnerabilities; track remedial actions to closure.
- Support incident response, contingency planning, and disaster recovery efforts.
- Serve as the primary security advisor to system owners, developers, and administrators.
- Interface with auditors during security control assessments and authorization events.
- Provide security-focused input for new business proposals and solutions.

Key Responsibilities

- Act as a subject matter expert on information security topics and provide guidance to management and staff.
- Oversee IT risk identification, assessment, and mitigation across IT environments for GDIT and its customers.
- Facilitate the RMF steps (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) with data owners, system owners, authorizing officials, and technical teams.
- Ensure compliance with regulatory requirements and policies.
- Lead IT risk management and compliance strategies; develop, implement, and maintain related processes, procedures, and standards.
- Collaborate with IT and other departments to design and implement security controls for new and existing systems.
- Maintain security documentation (SSPs, Security Controls Workbook, architecture diagrams, risk assessments, POA&Ms, and related Authorizing Official / Authorizing Official Designated Representative (AO/AODR) documents).
- Monitor and analyze information systems for security incidents and vulnerabilities; propose solutions.
- Conduct regular security assessments and audits; review vulnerability and compliance reports for assigned systems.
- Support and lead incident response activities and annual testing; coordinate with IT, legal, and business teams on risk issues.
- Provide guidance to senior management on IT risk and compliance matters; train and mentor staff.
- Support business development with solution recommendations, RFP responses, and input for costing and pricing.
- Stay current with industry trends, regulatory changes, and emerging IT risks.

What You'll Need to Succeed

Education:

Technical training, certificate, or degree in information security, cybersecurity, or a related field.

Experience:

At least 8 years in IT risk management, IT compliance, or information security, including significant leadership experience (e.g., as an ISSO, ISSE, or ISSM).

Certifications:

CISSP, CISM, and/or CISA, or equivalent.

Also required:
- Experience managing security projects and delivering customer security requirements.
- Understanding of change/configuration management and security impact analysis.
- Strong problem-solving, analytical, and communication skills; ability to collaborate across multi-functional teams.
- Experience with security tools (e.g., firewalls, VPNs, SIEM, EPP, vulnerability/compliance scanning, IAM).
- Knowledge of boundary protection strategies, IDS/IPS, compensating controls, and firewall rules.
- Experience supporting new business opportunities, solution development, and costing/pricing.

Knowledge

- IT risk management frameworks and regulatory requirements (NIST, ISO 27001, COBIT, FISMA).
- Security and privacy controls (CIS Benchmark Level 2, DISA STIG).
- GDIT Cyber Security Handbook (internal candidates).
- Security authorization processes (FedRAMP, DoD).
- Security audits, contingency planning, and disaster recovery.

Preferred Qualifications

- Ability to obtain and maintain a Top Secret clearance.
- Track record of managing large IT risk and compliance programs.
- Additional certifications such as CISA, CISSP, CISM, CGRC, CRISC.
- Familiarity with security tools (e.g., Splunk, CrowdStrike, Qualys, Tenable, eMASS, Archer).
- Experience with Microsoft Office, Visio, JIRA, ServiceNow.
- Government or highly regulated environment experience (DoD, DHS, DoC, etc.).
- Knowledge of cloud security best practices and security automation/orchestration.

Location

Hybrid at Bossier City, LA or Falls Church, VA. Sufficiently qualified candidates in LA, DC, MD, or VA may qualify for remote work if not within range of GDIT offices.

GDIT is your place to grow: AI-powered career tools, internal mobility support, comprehensive benefits, flexible work options, and a culture of innovation. Learn more at gdit.com/tc.

Compensation:

The likely salary range is $131,750 - $178,250 and may vary by experience and location.

Schedule and Travel

Scheduled Weekly Hours: 40
Travel Required: Less than 10%
Telecommuting Options: Hybrid
Work Location: USA LA Bossier City
Additional Work Locations: USA DC Home Office (DCHOME), USA LA Home Office (LAHOME), USA MD Home Office (MDHOME), USA VA Falls Church, USA VA Home Office (VAHOME)

Total Rewards

Our benefits package for US-based employees includes medical, dental, vision, 401(k) with company match, PTO, and disability/life insurance options. We offer full-flex work weeks where possible and a range of leave. We are GDIT, delivering solutions across the U.S. government and beyond.
