General Dynamics Information Technology

IT Risk and Compliance Specialist Senior Principal

General Dynamics Information Technology, Home, Pennsylvania, United States, 15747


Overview

Transform technology into opportunity as an IT Risk and Compliance Specialist Senior Principal with GDIT. A career in enterprise IT means connecting and enhancing the systems that matter most. At GDIT you’ll be at the forefront of innovation and play a meaningful part in improving how agencies operate. GDIT's Technology Shared Services (TSS), Governance, Risk, and Compliance (GRC) team is seeking an experienced IT Risk and Compliance Specialist Senior Principal. Our team provides services across GDIT programs to ensure the confidentiality, integrity, and availability of information systems while supporting compliance with relevant regulations and standards. This role requires a highly knowledgeable self-starter to independently manage the full Risk Management Framework (RMF) lifecycle for multiple systems concurrently. The ideal candidate will operate in a dynamic, high-tempo environment, applying deep expertise in risk management and regulatory compliance to protect critical information assets.

What you’ll need to succeed

Education:

Technical training, certificate, or degree in information/cyber security or a related field

Experience:

Minimum of 8+ years of experience in IT risk management, IT compliance, or information security, with a significant portion in a leadership role (e.g., ISSO, ISSE, ISSM)

Certifications:

At least one of the following: CISSP, CISM, and/or CISA

Additional requirements:

Experience managing security projects as well as delivering and supporting customer security requirements; comprehension of change and configuration management and security impact analysis; excellent problem-solving, analytical, and communication skills; ability to collaborate across multi-functional teams; demonstrated experience performing complex technical tasks with minimal direction; experience communicating and presenting technical solutions and status to executives and stakeholders; experience with security tools and technologies (e.g., Firewalls, VPNs, SIEM, End Point Protection, Vulnerability & Compliance Scanning, Identity & Access Management); strong understanding of security boundary protection strategies including IDS/IPS, compensating controls, and firewall rules; experience supporting new business opportunities, developing solutions, participating in proposals, and supporting costing/pricing.

Knowledge of:

IT risk management frameworks and regulatory requirements (e.g., NIST, ISO 27001, COBIT, FISMA); security and privacy controls (e.g., CIS Level 2, DISA STIG); GDIT Cyber Security Handbook; security authorization processes (e.g., FedRAMP, DoD); security audits and related processes; contingency planning and disaster recovery.

Preferred qualifications:

Ability to obtain and maintain a Top Secret security clearance; proven track record managing large IT risk and compliance programs; additional certifications such as CISA, CISSP, CISM, CGRC, and/or CRISC; familiarity with security management tools (e.g., Splunk, CrowdStrike, Qualys, Tenable, eMASS, Archer); experience with Microsoft Office products, Adobe Pro, Visio, JIRA, ServiceNow; experience in government or highly regulated environments; knowledge of cloud security best practices; experience with security automation and orchestration.

Responsibilities

Manage the security posture and authorization lifecycle for multiple cloud and on-premises information systems.
Conduct continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and security control assessments.
Develop, maintain, and update security documentation, including System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms), and Risk Assessment Reports (RARs).
Periodically assess the risk to organizational operations and assets in accordance with risk management policies.
Proactively monitor emerging security threats and technology advancements to recommend and implement process and tool improvements.
Ensure system compliance with NIST SPs, FedRAMP requirements, DISA STIGs, and CIS Benchmarks.
Assess and mitigate system vulnerabilities; track remedial actions to closure.
Support incident response, contingency planning, and disaster recovery efforts.
Serve as the primary security advisor to system owners, developers, and administrators.
Interface with auditors and assessors during security control assessments and authorization events.
Provide security-focused input for new business proposals and solutions.

Key Responsibilities

Act as a subject matter expert on information security topics and provide guidance to management and staff.
Oversee the identification, assessment, and mitigation of IT risks across GDIT’s and our customers’ information technology systems environments.
Facilitate RMF steps with data owners, system owners, authorizing officials, and technical teams to implement security controls in accordance with risk policy.
Ensure compliance with applicable regulatory requirements and policies.
Lead the development and execution of IT risk management and compliance strategies.
Develop, implement, and maintain IT risk and compliance processes, procedures, and standards.
Collaborate with IT and other departments to design and implement security controls for new and existing systems.
Maintain and update security documentation (SSPs, Security Controls Workbook, Architecture Diagrams, POA&Ms, etc.).
Monitor and analyze information systems for security incidents to identify vulnerabilities and propose solutions.
Conduct regular security assessments and audits to evaluate the effectiveness of security controls.
Review vulnerability and compliance scan reports and alerts for assigned systems.
Support incident response activities, including investigation, containment, recovery, and annual testing; lead incident response for IT security and compliance breaches.
Collaborate with IT, legal, and business teams to address IT risk and compliance issues.
Provide guidance and recommendations to senior management; train and mentor staff on IT risk management and compliance best practices.
Support business development, respond to RFPs, and provide input for costing/pricing.
Stay current with industry trends, regulatory changes, and emerging risks in IT.

Role Details

Location:

Hybrid at Bossier City, LA or Falls Church, VA. Remote consideration for eligible candidates outside office ranges.

Salary range:

The likely salary range for this position is $131,750 - $178,250. Final offer to be determined by experience, location, and contractual requirements.

Scheduled Weekly Hours:

40

Travel Required:

Less than 10%

Telecommuting Options:

Hybrid

Work Location:

USA LA Bossier City

Additional Work Locations:

USA DC Home Office, USA LA Home Office, USA MD Home Office, USA VA Falls Church, USA VA Home Office

Total Rewards at GDIT:

Our benefits package includes medical, dental, vision, 401(k) with company match, paid time off, disability and life insurance, and more. We offer flex work weeks where possible and a variety of leave. We are GDIT, a global technology and professional services company serving the U.S. government, defense and intelligence community. To join our Talent Community and stay updated on opportunities, visit gdit.com/tc.
