Manager of Cyber Risk Analyst Team - Richmond, VA - VITA (Job Number:437316)
SAIC has been awarded a million contract by the Commonwealth of Virginia to serve as a multisourcing service integrator (MSI). Under the contract, SAIC will provide an innovative approach to assist the Virginia Information Technologies Agency (VITA) with modernizing the state?s technology infrastructure. Under the contract, SAIC will coordinate and monitor multiple IT infrastructure services suppliers for state executive branch agencies.
The MSI is the cornerstone of a strategy that will diversify the state?s portfolio of suppliers, improve service delivery quality, ensure cost-competitiveness, and provide transparency and accountability into the commonwealth?s service delivery platform.
SAIC is seeking a Manager for our MSI Cyber Risk Management Analyst Team supporting the Commonwealth of Virginia (COV). Assignments will be objective oriented, and work will be reviewed in terms of meeting the organization's objectives and timelines.
The Manager of Cyber Risk Management will Interact frequently with internal and external management and senior-level customer representatives concerning projects, operational decisions, and scheduling requirements.
The Risk Analyst team will be interacting with COV technology suppliers about their compliance with COV cybersecurity policies and practices, and providing a wide range of Risk management services to them and the Commonwealth.
This will require a combination of the following Knowledge, Skills, and Abilities:
- Strong understanding of the complexities of the Risk Management Framework (NIST RMF)
- Priorities driven by program maturity
- Identification of business impacts
- Analysis of Risk to the business and vulnerability assessment at the network, system and application level
- Planning of security controls to best protect business priorities with a balancing approach to policies and procedures
- Assessment of compliance with controls and resulting impact on risk
- Creating plans to remediate weaknesses
- Quantifying and reporting on remediation progress
- Assessment of remediation effectiveness
- Analysis of threat landscapes
- Reprioritization of remediation activities as dictated by changing threat landscapes
- Automation of continuous monitoring solutions
- Incident response and incident Root Cause Analysis
- Maintenance of a consolidated Risk Register, with escalation of known issues that surpass the risk appetite of the organization
- Periodically conduct reviews of system audits and monitor corrective actions until all actions are closed
- Implement required government policy, and make recommendations on process tailoring
- Analyze / validate established security requirements to recommend additional security safeguards
Strong verbal, analytical, and written communication abilities:
- Leadership: significant experience managing highly skilled cyber security professionals who exercise significant latitude and independence in how they meet objectives and timelines. Able to evaluate and recommend new security tools, techniques, and technologies and introduce them to the enterprise in alignment with IT security strategy.
- Verbal abilities should be confident but non-confrontational, articulate but not wordy, equally comfortable leading and following, and as eager to listen as to contribute. Frequently will lead briefings and technical meetings.
- Analytical abilities should avoid black-and-white thinking, and instead embrace diversities of opinions and viewpoints for their ability to inform complex solutions to complex real-world problems. This includes the ability to analyze state-wide policies and procedures, and interpret into program best practices.
- Written abilities should produce grammatically correct, concise, informative, and visually appealing written products, including security documentation, investigations, software research, hardware introduction and release, emerging technology research, reports to regulatory agencies, and threat modeling
- Adaptability to both technical and non-technical audiences and a strong customer-service focus will be critical since this is a role that will have frequent contact with our COV customer.
- Please describe your experience leading IT professionals who exercise significant latitude and independence in how they meet objectives and timelines.
Education / Certifications / Other
- Candidates with a Bachelor?s degree should have at least eight (14) years of experience, and candidates with a Master?s degree should have at least four (12) years of experience. Degrees in engineering, science, and mathamatics are preferred.
- Continual Learning. Completion of advanced course work, or attainment and maintenance of cybersecurity-related credentials and certifications is preferred.
- ITIL Certification. Candidates who have completed ITIL v3 2011 Foundation or above are preferred.
- Location. Work will be performed in Richmond, VA, with infrequent work-related travel. Security Clearance Requirement
- US Citizen. Must be able to pass a Commonwealth of Virginia background check.
SAIC Overview:SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAICs approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see My SAIC Benefits. EOE AA M/F/Vet/Disability
Job Posting: Jun 12, 2018, 1:22:30 PM
Primary Location: United States-VA-RICHMOND
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: None
Potential for Teleworking: No
Travel: Yes, 10% of the time
Shift: Day Job