Senior IT Risk and Compliance Specialist Senior

GDIT
La Grange, IL

Responsibilities for this Position

Location: USA LA Home Office (LAHOME)
Full Part/Time: Full time
Job Req: RQ210009

Type of Requisition:
Regular

Clearance Level Must Currently Possess:
None

Clearance Level Must Be Able to Obtain:
None

Public Trust/Other Required:
None

Job Family:
Cyber and IT Risk Management

Job Qualifications:

Skills:
GRC Tools, NIST 800-53, Risk Management Framework
Certifications:
None
Experience:
3+ years of related experience
US Citizenship Required:
No

Job Description:

Transform technology into opportunity as an IT Risk and Compliance Senior Specialist with GDIT. A career in enterprise IT means connecting and enhancing the systems that matter most. At GDIT you'll be at the forefront of innovation and play a meaningful part in improving how agencies operate.

GDIT's Technology Shared Services (TSS), Governance, Risk, and Compliance (GRC) team is seeking an experienced IT Risk and Compliance Senior Specialist with experience as an Information System Security Officer (ISSO). Our team provides services across GDIT programs to ensure the confidentiality, integrity, and availability of information systems while supporting compliance with relevant regulations and standards.

This role requires a highly knowledgeable self-starter to independently develop key artifacts based on NIST 800-171. The ideal candidate will operate in a dynamic, high-tempo environment, applying expertise in risk management and regulatory compliance to protect critical information assets.

HOW THE IT RISK AND COMPLIANCE SPECIALIST WILL MAKE AN IMPACT:
  • Manage and/or maintain the security posture and authorization lifecycle for multiple cloud and on-premises information systems.
  • Collaborate with stakeholders to attain information necessary for continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and supporting the SCA/ISSM during security control assessments.
  • Develop, maintain, and update security documentation, including System Security Plans (SSPs), Plan of Action & Milestones (POAMs), and network architectures.
  • Collaborate with stakeholders in order to develop program/project cyber policies.
  • Familiarization with NIST 800 series documentation (NIST 800-171, GD and GDIT Cybersecurity policies), hardening guidance from vendors and US Government clients.
  • Possess the ability to interpret vulnerability scan reports, coordinate with program stakeholders to drive remediation actions to closure, and develop presentations and brief findings as needed.
  • Support incident response, contingency planning, and disaster recovery efforts as needed by program and stakeholders.
  • Serve as the program ISSO and represent the interests of the system owners, developers, and administrators.
  • The ISSO will interface with auditors and assessors during security control assessments and authorization events.
  • Facilitate and collaborate with data owners, system owners, authorizing officials, and technical teams to prepare, implement, and monitor privacy and security controls in accordance with organizational risk policy.
  • Ensure compliance with applicable GDIT requirements and policies
  • Maintain cyber compliance processes, procedures, and standards
  • Collaborate with stakeholders to design and implement security controls for new and existing systems and lab environments
  • Maintain and update security documentation, including System Security Plans (SSPs), Architecture Diagrams, Plan of Action and Milestones (POA&Ms), and other AO/AODR required documents
  • Support security assessments and audits as a key stakeholder during the SCA/ISSM's evaluation of the security controls
  • Review vulnerability and compliance scan reports, and other relevant security reports and alerts for assigned systems
  • Support incident response activities, including investigation, containment, and recovery efforts and annual incident response testing

WHAT YOU'LL NEED TO SUCCEED:
  • Technical Training, Certification(s) or Degree
  • Minimum of 3+ years of experience serving as an ISSO for either Corporate or program levels with a basic understanding of ISSO duties and responsibilities and awareness of GRC tools (eMASS or XACTA)
  • Experience supporting security projects as well as delivering and supporting customer security requirements
  • Comprehension of change and configuration management and security impact analysis
  • Excellent problem-solving, analytical, and communication skills
  • Ability to effectively collaborate across multi-functional teams
  • Possesses experience with communicating and presenting technical solutions and status to executives, key stakeholders and decision makers
  • Familiarity with security tools and technologies (e.g., Firewalls, VPNs, SIEM, End Point Protection, Vulnerability & Compliance Scanning, Identity & Access Management)
  • Ability to develop network architectures or follow templated examples in order to properly document a network architecture.
  • Knowledge of IT risk management frameworks and regulatory requirements (e.g., NIST 800-171, ISO 27001)
  • Knowledge of Security and privacy controls (e.g., CIS Level 2, DISA STIG)
  • Knowledge of DoD security authorization process
  • Knowledge of Security auditing practices and procedures and associated processes

PREFERRED QUALIFICATIONS:
  • Proven track record of successfully managing large-scale IT risk and compliance programs
  • Relevant certifications such as IAT Level II/8570/8140, Security+ CE preferred
  • Experience with Microsoft Office Products, Adobe Pro, Visio, JIRA, ServiceNow
  • Experience in a government
  • Familiarity with cloud security best practices and technologies
  • Must be clearable up to Top Secret
  • Bachelor's degree in computer science, information technology, information/cyber security or a related field

Location: Hybrid at GDIT's Integrated Technology Center in Bossier City, Louisiana. Candidates residing within the state of Louisiana who are more than 60 miles from our office in Bossier City may be considered to work remotely.

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
Growth: AI-powered career tool that identifies career steps and learning opportunities
Support: An internal mobility team focused on helping you achieve your career goals
Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
Flexibility: Full-flex work week to own your priorities at work and at home
Community: Award-winning culture of innovation and a military-friendly workplace

OWN YOUR OPPORTUNITY
Explore a career in cyber at GDIT and you'll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.

The likely salary range for this position is $94,676 - $128,092. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
Less than 10%

Telecommuting Options:
Remote

Work Location:
USA LA Home Office (LAHOME)

Additional Work Locations:

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans



PI279480707





Posted 2025-11-06
