Job Requisition:Information Security Governance Specialist
Leidos is seeking an Information Security Governance Specialist to join our Corporate Information Security Group in Reston - VA or Orlando - FL.
In this role, you will report directly to the Director of Cybersecurity Governance and work within our Computer Information Security (CIS) department to define and communicate cyber governance and compliance priorities. You will be responsible for providing cybersecurity governance and compliance expert guidance, process improvement, reporting and metrics at the enterprise level. You will also be responsible for defining precise cybersecurity service delivery workflows and processes in the context of ITIL, ensuring adherence to the Leidos cybersecurity framework and cybersecurity processes for continual oversight to ensure Cybersecurity Governance compliance of internal and external regulations, policies and laws on a global scale. This role will also be in charge of analyzing the business model for information security and articulate the interrelations among the organizational design and strategy, people, process and technology elements. This position requires understanding of the interconnections of governance, Leidos corporate culture, and enabling and supporting the business while ensuring adherence of information security governance requirements to protect Leidos information and assets. In addition, the role will be responsible for monitoring compliance against requirements, reporting issues and working to identify remediation options/solutions.
- Ensure adherence to the Leidos Cybersecurity Governance framework and establish processes for continual compliance of internal and external regulations, policies and laws
- Track progress of adoption, maturity and degree of compliance through governance processes and dashboard metrics/KPIs
- Create and implement a strategy for cybersecurity Governance services and oversight workflows based off of ITIL information security management processes framework methodology
- Perform key cybersecurity maturity assessments and report regularly on key capability maturity activities
- Ensure completeness of governance controls and documentation
- Ensure any new controls and processes are integrated into the CIS Governance Framework
- Lead or participate as needed in cross-functional teams to integrate processes (change, risk management, governance, etc.) in support of CIS Governance and operational aspects of the business
- Proactively track, challenge and drive to closure all Cybersecurity owned issues (e.g. audit findings) and maintain oversight
- Define and communicate cybersecurity governance and compliance priorities
- Establish and maintain regular written and in-person communications pertinent to cybersecurity governance and security activities
- Help develop, maintain, evaluate and implement policies and procedures in line with both business requirements and national and international legislative changes
- Work with Line, Cyber and IT personnel to ensure awareness and alignment of ongoing industry and best practice compliance obligations.
- Bachelor’s degree in Information Systems or a related field and minimum 8 years of Cybersecurity or Information Security related experience. Additional years of relevant experience and / or professional certifications will be considered in lieu of Bachelor’s degree.
- Demonstrated knowledge OF and operational understanding of ITIL (v4) Foundation and Information Security Management concepts
- Demonstrated knowledge and operational understanding of Cybersecurity Laws and regulations in both the U.S. and abroad impacting data protection and the confidentiality, integrity and availability of systems and data including NIST Cybersecurity Framework (CSF), NIST Special Publication 800-171 (DFARS), NIST Special Publication 800-53, ISO 27001, GDPR, etc.
- Excellent oral and written communication skills with an ability to translate security and operational controls or gaps into residual risk and identify mitigations
- Strategic mindset and demonstrated ability to understand leadership’s long term visions and articulate such into the development of near term plans to achieve strategic goals
- Strong interpersonal skills and professionalism to foster collaboration on resolution of compliance gaps and issues.
- Ability to build strong partnerships and relationships with organizational entities outside of CIS
- Strong understanding, experience and knowledge of DevOps and DevSecOps concepts
- Experience with activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements consistent with common frameworks e.g., NIST
- US Citizenship is required and able to obtain security clearance
- Certification(s): Information Technology Infrastructure Library (ITIL) v4 Foundation Certification and Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA), or Federal Information Technology Specialist Manager or Auditor (FITSP-M or A)
External Referral Bonus:Eligible
Potential for Telework:No
Clearance Level Required:None
Travel:Yes, 10% of the time
Scheduled Weekly Hours:40
Job Family:Cyber Security3000Corporate
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to email@example.com.
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.