Description

The Security & Monitoring Lead serves as the Information Systems Security Manager (ISSM) for all projects, initiatives, and applications developed under the contract. This role is responsible for developing and implementing security processes, ensuring compliance with relevant regulations and policies, overseeing Information System Security Officers (ISSOs), managing security incidents, and maintaining robust security measures for both infrastructure and applications. This position will be hybrid remote and will require some onsite work in Washington DC.

This opportunity is contingent upon award.

Responsibilities and Duties:

• Policy Compliance: Develop and operate information systems in compliance with GAO policies and procedures.
• Security Process Development: Develop and implement security processes to ensure compliance with the Federal Information Systems Security Management Act (FISMA) and other relevant policies, guidelines, and procedures.
• Security Policy Implementation: Implement GAO's security policy and technical requirements for system design and operations; provide preliminary information security advice and recommendations.
• Security Requirements Engineering: Develop information security requirements and engineering solutions for new systems, review system security plans, and make improvement recommendations.
• ISSO Oversight: Oversee Information System Security Officers (ISSOs) under the contract, providing oversight in developing security guidelines and ensuring compliance with federal requirements.
• SASE and Zero Trust Implementation: Experience with SASE and Zero Trust implementations and managing those environments.
• Stakeholder Collaboration: Maintain productive working relationships with ISTS Chief Information Security Officer and other ISTS leaders to share information and recommendations regarding security threats, incidents, or other security matters.
• Monitoring and Security Management: Manage all monitoring and security work required to assess performance, collaborate on goal setting, and provide feedback on personal development.
• Information Security Standards: Implement and maintain Information Security standards and best practices.
• Incident Handling: Develop and execute procedures for handling security incidents, outages, and escalations, coordinating with internal teams and external contractors to minimize downtime and impact on business operations.

Qualifications

• Bachelor's degree in computer science, Information Technology, or a related field and nine (9) years of or more of total experience, or seven (7) and a Masters, or four (4) and a PhD
• Minimum of 5 years' experience in the cybersecurity field and/or Enterprise Monitoring.
• Certified Information Systems Security Professional (CISSP) certification (or equivalent).
• Proven experience in cloud and infrastructure management, application support, or related roles.
• Strong understanding of IT best practices.
• Excellent leadership, communication, and interpersonal skills.
• Must be able to obtain Public Trust clearance

Target salary range: $160,001 - $200,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.