IT Cybersecurity Risk and Compliance Specialist Job
Reston, VA 20190-5228, US
Engineering & Technology
Job Description
BAE Systems, Inc. is looking for an Information Technology (IT) Cybersecurity Risk, Audit and Compliance Specialist to join our Enterprise Shared Services Information Technology (ESS-IT), IT Infrastructure and Cybersecurity Operations team area in Reston, VA.
The IT Cybersecurity Risk, Audit and Compliance Specialist will serve as the cybersecurity compliance subject matter expert for the Infrastructure and Cybersecurity Operations organization. In this role they will function as the primary lead and liaison for internal, external and regulatory audits of applications across the Infrastructure and Cybersecurity Operations organization. They will coordinate with and represent the Infrastructure and Cybersecurity Operations team in audit entrance / exit briefings and interviews, facilitate data, information, and artifact gathering requests, assist with reviews of and responses to audit finding reports, remediation of audit findings, process engineering and service alignment, as well as provide status reporting to senior management. Additionally, the IT Cybersecurity Risk, Audit and Compliance Specialist will be responsible for proactively monitoring cybersecurity controls compliance within the application solutions portfolio, identifying non-compliance, clarifying alternative solution options and leading timely remediation of the non-compliant findings.
- Acts as the lead and liaison for Infrastructure and Cybersecurity Operations to ensure cybersecurity controls audits are appropriately planned for, supported, responded to, and closed. Ensures the readiness of Application teams for audits, both internal and external.
- Works with the service areas teams to ensure processes and procedures, documentation, and other supporting artifacts needed for compliance exist and are maintained by the organization. Leads the development of missing artifacts and the maintenance of existing artifacts.
- Coordinates applications matrix resources through an appropriate understanding of the definition of findings to plan the appropriate tasks, resource requirements, level of effort and duration necessary to complete remediations and close out findings.
- Identifies opportunities for enhancements to cybersecurity processes and controls and/or develops recommendations to ensure risks are adequately mitigated and compliant solutions implemented.
- Performs periodic monitoring and audits (as specified by policy and/or audit frameworks) to ensure required regulatory controls and internal policies and processes are being followed.
- Assesses for threats and vulnerabilities and the resulting exposures from ineffective or missing control practices.
- Manages the planning and delivery of remediation efforts following internal project management methodologies to ensure identified threats or vulnerabilities are successfully addressed in a timely manner.
- Collaborates with other IT teams to improve security compliance, manage risk and bolster effectiveness of cybersecurity controls.
- Collaborates with IT Business Partners and other stakeholders to maintain awareness of changes in risk profiles and promote the awareness of risk and compliance initiatives.
- Reviews daily, weekly and monthly threat alerts and analyses from the Cybersecurity team and coordinates appropriate actions.
- Remains current on cybersecurity auditing practices, emerging threats, industry regulatory changes and internal company policy and process changes.
- Prepares reports of audit findings, known vulnerabilities, and recommendations for remediation to application service areas.
- Manages and grows Cybersecurity awareness.
- Performs other related duties and responsibilities as required.
Required Education, Experience, & Skills
- Security Clearance: None (Must be Clearable)
- Bachelor's or Master’s degree from an accredited college or university, preferably with an emphasis in information systems, computer science, accounting, business or other related fields, and a minimum of ten (10) years of experience that is directly related to the duties and responsibilities specified.
- 5+ years of experience working with and supporting IT Applications Operations and Compliance.
- Experience with project management; planning, scheduling, and status reporting.
- Solid understanding and work experience with information security frameworks and IT audit methodologies.
- Working knowledge of DFARS and Cyber Security Maturity Model Certification (CMMC); NIST SP 800-171, and NIST SP 800-53 or similar security controls.
- Specific knowledge of IT Applications operations and technologies with a broader more general knowledge of other IT operational services such as Network Infrastructure technologies (WAN/LAN), Cybersecurity, Active Directory, Backup & Recovery, Data Centers, Messaging, Mobile Technologies, Remote Access, Storage, Operating Systems, Virtualization Services, and IT Service Desk.
- Proven ability to synthesize information from multiple sources to draw logical conclusions and support recommendations.
- Experience contributing to risk-based approach to drive solutions that maximize business operational efficiency and effectiveness.
- Experience articulating highly technical concepts across business and technical boundaries in a clear, concise and organized manner.
- Functions well both as an individual contributor and in team environments where collaboration and adaptability are important.
- Extensive experience building productive, collaborative and sustainable internal and external working relationships.
- Demonstrated ability to handle multiple concurrent projects, meet established deadlines and quickly adapt to changing priorities, all while working under limited supervision.
- Excellent verbal and written communication skills, ability to effectively communicate with technical and non-technical audiences.
Preferred Education, Experience, & Skills
- Certification or related certification in one or more of the following a plus:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - Certified Internal Auditor (CIA)
About BAE Systems, Inc.
BAE Systems is a premier global defense and security company with approximately 90,000 employees delivering a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support and services. People are the greatest asset in any Company. BAE Systems is committed to hiring and retaining a diverse workforce. Equal Opportunity Employer/Females/Minorities/Veterans/Disabled/Sexual Orientation/Gender Identity/Gender Expression
Who We Are
You're used to protecting what matters most.
Our team has the privilege and the responsibility of knowing that the work we do really matters. Our work is vital to the armed forces personnel and major corporations who rely on us to protect, equip and support them where it counts; to the security and prosperity of the nations we serve; to our skilled and talented people; to the local communities where we are based; and to the wider community who invest in, supply and engage with us. At BAE Systems, everyone can make a difference.
We believe that a diverse workforce inspires creativity and drives innovation. We respect and value the huge variety of skills, abilities and perspectives that our people bring to our business. We celebrate our differences and aim to recruit and develop talent from all backgrounds, championing the strength that a truly inclusive and collaborative workplace gives to our company culture and performance.
Enjoy a flexible environment that values your work-life balance and helps you perform at your best.
On the job training, leadership programs, collaboration with leading experts – excellence is built into your career development whether you are just starting out as an apprentice or are an experienced professional.
We’re united by trust, camaraderie and a shared ambition to lead the world in our field. It helps that we’re nice people too.
See your contribution, making real change as breakthrough technology and intelligence solutions reshape the landscape for our customers.
What We Offer
Warrior Integration Program (Est. 2008)
This program was created to assist in the employment, transition, education, and development of wounded warriors. Through mentoring, partnership, education, and leadership, we vow to serve our veterans in the same manner they served our country. WIP provides mission-centered work that gives wounded warriors the opportunity to contribute, providing a path for career progression.
Camo to Corporate underpins all of our military recruiting and veteran efforts. We participate in annual career workshops and partner with VA employment reps to identify opportunities for vets at BAE Systems. We’re also proud members of Joining Forces, the Veteran Jobs Mission and Hiring our Heroes - initiatives focused on helping vets and their spouses find meaningful careers.
Meet Our Veterans
All of my co-workers have been very helpful with my transition into the company and in my training as a Common Missile Warning Systems technician. The camaraderie of the other WIP employees has also been instrumental in my transition out of the Marine Corps.
Retired Cpl. J. Munoz
Operation Enduring Freedom