Leidos is looking to improve and advance our organization. Our program is focused on the delivery of data center services to our CMS customers and is structured around both current and legacy platforms in a consumption-based services model. We are looking to add skilled, energetic leaders and technologists who believe in cross-functional teams, exhibit broad-based skills, maintain a customer-focused mindset, and are willing to step out of their own work stream to get the job done.
With a "no downtime, zero outages" vision and mantra, we support a range of data center needs, from self-service to white-glove services, based on each customer's required level of support. Our organization is comprised of teams supporting PMO, Security, Quality, Intake, Service Delivery, Engineering, and Service Operations. These teams draw on resources from our functional teams supporting Network, Security, Firewall, z/OS and z/VM Operations, Unix Operations, Change Management, Monitoring, Capacity Management, x86 Operations, and Storage Operations. Part of everyone's responsibility is to help drive the new consumption-based, services-oriented model.
Now to you: your mission, if you choose to accept it, as the Security Governance, Risk, and Compliance (GRC) Lead will require you to coordinate closely with senior leadership to help establish clear objectives and effectively communicate program quality needs, set standards for the organization, perform audits, and identify where improvements can be made. You will interact daily with the technical resources that are fulfilling technical requirements for the customer. Your goal will be to work with all stakeholders to help Leidos ensure delivery of high-quality, robust, and scalable solutions with minimal business impact.
The current work environment is on-site at Leidos in Windsor Mill / Woodlawn, Maryland, with potential for on-site work at CMS (in the same location). Telecommute opportunities are currently being evaluated and may become available based upon the teams supported, work hours, and work performance.
Under the direction of the Program Manager and Deputy Program Manager, the Security Governance, Risk, and Compliance (GRC) Lead manages all program elements with regard to security governance, risk, and compliance. The Security GRC Lead is responsible for the assessment and documentation of the IHCCS (and potentially other related programs) compliance and risk posture as they relate to information assets.
The purpose of this position is to provide highly-skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities include:
• Providing leadership and project management expertise
• Identifying, coordinating, and managing new and existing projects
• Effective system-wide security analysis
• Intrusion detection
• Standards and testing
• Risk assessment
• Awareness and education
• Understanding of common security standards and regulations
• Development of policies, standards, and guidelines
• Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the technology systems.
• Build and maintain Issues / Action Items / Risks / Lessons Learned Logs.
• Ensure all Leidos workstations (images) are properly configured for security, to include file encryption software. Ensure that personnel understand when to apply the tool and how to apply the tool.
Policy / Compliance
• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Execute the strategy for dealing with the increasing number of audits, compliance checks, and external assessment processes for internal/external auditors, PCI DSS, ITAR, HIPAA, NIST 800-171, and FISMA.
• Frequently test compliance with security policies.
Outreach / Awareness / Training
• Interact in both oral and written communications with all levels of System staff, including computer center staff, developers and other ITS staff, general counsel, auditors, and all system staff, technology vendors, and contractors in matters related to information security and security awareness materials.
• Track and ensure that all related security training requirements are completed.
• Develop, coordinate, and manage security analytics activities.
• Work with Internal audit and outside consultants as appropriate on required security assessments and audits.
• Coordinate and track all information technology and security related audits including scope of audits, timelines, auditing agencies, and outcomes.
• Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities, and provide a consistent perspective that continually puts the institution in its best light.
• Provide guidance, evaluation and advocacy on audit responses.
• Address CAPs / POA&Ms as required.
• Must be able to assess computer hardware, software, and systems for security risks or violations and work with staff and technology vendors to recommend solutions.
• Develop strategies to address awareness and training for all stakeholders as well as technical solutions.
• Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
• Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.
Security Planning (BIA, BCP, DR)
• Define security GSS / boundaries / scope.
• Develop, manage, and maintain BIA, BCP, and DR documentation, procedures, and processes, ensuring they are properly in place.
• Test BIA, BCP, and DR documentation appropriately based upon the environment supported at CMS.
• Manage team assignments and tasking to ensure complete coverage of all assigned tasks.
• Ensure the operational environment remains operational.
• Ensure tasks are completed as planned.
• Complete service and change requests on schedule.
• Financial management of your team, which includes hardware, software, and staffing.
• Manage and optimize costs with close focus on underruns and overruns.
• Manage all personnel needs and interact with HR when required.
• Perform annual personnel write-ups and reviews.
• Ensure personnel performance.
• Ensure that any technical proposal needs are supported.
• Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
• Operate with a high degree of independence with regard to project management activities, including development of project plans and budget / resource estimates.
• Perform other duties as assigned to ensure the smooth function of the department and maintain the reputation of the organization as a viable business partner.
• Ensure that Badging / Security Training for both Leidos and CMS is maintained in a coordinated, controlled manner.
BA/BS or equivalent experience and 8+ years of prior relevant experience, or a Master's degree with 6+ years of prior relevant experience. Generally has 4+ years of experience supervising or leading teams or projects.
• Good to excellent writing and verbal communication skills.
• Ability to adapt and be productive in a dynamic environment.
• Strong communication and collaboration skills supporting multiple stakeholders and business operations with both technical and non-technical
• Proficiency in Microsoft Office applications (PowerPoint, Excel, Word, Project)
• Information security experience in Federal government.
• Experience performing information security audits or risk assessments.
• Familiarity with security auditing processes.
• Knowledge of information security risk management frameworks and compliance practices.
• Knowledge of securing network technologies, client, and server operating systems.
• Ability to develop security standards and guidelines based on best practices and industry standards.
• Experience responding to, analyzing, and communicating information security incidents.
• Skills in documenting risk and compliance activities.
• Proficient in Visio.
• Agile-based knowledge and skill.