Job Description

By providing the information below and checking the boxes referenced, you acknowledge and consent to SAIC's Privacy Policy to include access and use of your information for the purposes of sharing your information for possible employment recruitment effects by SAIC and it's third party vendors. For further information, see SAIC's privacy policy SAIC is seeking a Cybersecurity Risk and Compliance Lead to support a critical U.S. government agency in the National Capital Region. This mid-to-senior level hybrid role is responsible for leading the Audit Support and Risk Management workstream within the agency’s infrastructure operations department’s Governance, Risk, and Compliance (GRC) program. The role includes full lifecycle audit support, including preparing for audits, supporting interactions while auditors are onsite, and coordinating follow-up actions after the audit concludes. In addition, the position involves managing POA&M and risk documentation, contributing to formal reporting deliverables, and working across technical and business stakeholders to maintain a strong cybersecurity compliance posture. The ideal candidate will bring experience with NIST-based frameworks such as RMF and SP 800-53, federal audit coordination, and the ability to work across multidisciplinary teams to support risk-based decisions and ongoing compliance. Responsibilities: Lead coordination of the audit lifecycle, including planning, evidence collection, engagement with auditors, and tracking post-audit activities across stakeholders Review and analyze audit findings, monitor remediation progress, and prepare closure documentation and status reports for senior leadership Coordinate walkthroughs, compile and quality-assure audit artifacts, and manage the response to data requests from internal stakeholders and external entities Oversee or support the development, review, and tracking of Plans of Action and Milestones (POA&Ms), ensuring remediation efforts are timely, well-documented, and technically sound Prepare or contribute to recurring compliance reports, including POA&M status summaries, security control implementation tracking, artifact expiration monitoring, audit-related data call summaries, and cloud service posture updates Collaborate with SMEs to develop risk acceptance proposals, including justification of business needs, mitigation strategies, and documentation for Authorizing Officials Support Security Impact Analyses (SIAs) by identifying affected NIST controls and evaluating risks in collaboration with technical teams Facilitate or perform in-depth risk assessments of systems to identify vulnerabilities and develop mitigation recommendations Review and maintain system security documentation such as SSPs, architecture diagrams, and boundary definitions as part of the agency’s continuous monitoring program Ensure compliance with NIST SP 800-53, RMF, FISMA, and agency-specific requirements by engaging with stakeholders to align operational practices Review and analyze audit findings, monitor remediation progress, and prepare closure documentation and status reports for senior leadership Contribute to IT governance processes by supporting security waiver requests, coordinating risk acceptance reviews, and assisting in the evaluation of standards and exception justifications Support synchronization and accuracy of security data across agency tools to ensure alignment of documentation and reporting Identify and document security and privacy weaknesses, assess associated risks, and contribute to the development and maintenance of agency’s Master Issue Resolution Log (IRL) in collaboration with SMEs Contribute to tool and workflow improvements, such as dashboards, that enhance the effectiveness of risk and compliance operations Qualifications Requirements: Bachelor’s degree and 7 or more years of cybersecurity, risk, or compliance experience, or a Master’s degree and 5 or more years At least 3 years of experience managing POA&Ms, audit coordination, or risk documentation in a federal IT environment Strong working knowledge of NIST frameworks such as SP 800-53 and RMF, FISMA, and federal audit processes including OMB A-123 and FISCAM Excellent communication and collaboration skills to work with SMEs, system owners, and auditors Ability to interpret technical security risks and clearly explain them to both technical and non-technical audiences Proficiency in Microsoft Office applications including Word, Excel, PowerPoint, and SharePoint Preferred Qualifications: Certification such as CISSP, CISA, CISM, or Security+ Experience with GRC platforms such as CSAM or eMASS, and SharePoint-based workflows Familiarity with continuous monitoring and cloud compliance frameworks such as FedRAMP Experience with metrics and reporting tools such as Power BI Clearance Requirement: All candidates must be eligible to obtain a U.S. Public Trust clearance **This hybrid role requires a minimum of three on-site days per week in Washington, DC.** Job Description Description SAIC is seeking a Cybersecurity Risk and Compliance Lead to support a critical U.S. government agency in the National Capital Region. This mid-to-senior level hybrid role is responsible for leading the Audit Support and Risk Management workstream within the agency’s infrastructure operations department’s Governance, Risk, and Compliance (GRC) program. The role includes full lifecycle audit support, including preparing for audits, supporting interactions while auditors are onsite, and coordinating follow-up actions after the audit concludes. In addition, the position involves managing POA&M and risk documentation, contributing to formal reporting deliverables, and working across technical and business stakeholders to maintain a strong cybersecurity compliance posture. The ideal candidate will bring experience with NIST-based frameworks such as RMF and SP 800-53, federal audit coordination, and the ability to work across multidisciplinary teams to support risk-based decisions and ongoing compliance. Responsibilities: Lead coordination of the audit lifecycle, including planning, evidence collection, engagement with auditors, and tracking post-audit activities across stakeholders Review and analyze audit findings, monitor remediation progress, and prepare closure documentation and status reports for senior leadership Coordinate walkthroughs, compile and quality-assure audit artifacts, and manage the response to data requests from internal stakeholders and external entities Oversee or support the development, review, and tracking of Plans of Action and Milestones (POA&Ms), ensuring remediation efforts are timely, well-documented, and technically sound Prepare or contribute to recurring compliance reports, including POA&M status summaries, security control implementation tracking, artifact expiration monitoring, audit-related data call summaries, and cloud service posture updates Collaborate with SMEs to develop risk acceptance proposals, including justification of business needs, mitigation strategies, and documentation for Authorizing Officials Support Security Impact Analyses (SIAs) by identifying affected NIST controls and evaluating risks in collaboration with technical teams Facilitate or perform in-depth risk assessments of systems to identify vulnerabilities and develop mitigation recommendations Review and maintain system security documentation such as SSPs, architecture diagrams, and boundary definitions as part of the agency’s continuous monitoring program Ensure compliance with NIST SP 800-53, RMF, FISMA, and agency-specific requirements by engaging with stakeholders to align operational practices Review and analyze audit findings, monitor remediation progress, and prepare closure documentation and status reports for senior leadership Contribute to IT governance processes by supporting security waiver requests, coordinating risk acceptance reviews, and assisting in the evaluation of standards and exception justifications Support synchronization and accuracy of security data across agency tools to ensure alignment of documentation and reporting Identify and document security and privacy weaknesses, assess associated risks, and contribute to the development and maintenance of agency’s Master Issue Resolution Log (IRL) in collaboration with SMEs Contribute to tool and workflow improvements, such as dashboards, that enhance the effectiveness of risk and compliance operations Qualifications Requirements: Bachelor’s degree and 7 or more years of cybersecurity, risk, or compliance experience, or a Master’s degree and 5 or more years At least 3 years of experience managing POA&Ms, audit coordination, or risk documentation in a federal IT environment Strong working knowledge of NIST frameworks such as SP 800-53 and RMF, FISMA, and federal audit processes including OMB A-123 and FISCAM Excellent communication and collaboration skills to work with SMEs, system owners, and auditors Ability to interpret technical security risks and clearly explain them to both technical and non-technical audiences Proficiency in Microsoft Office applications including Word, Excel, PowerPoint, and SharePoint Preferred Qualifications: Certification such as CISSP, CISA, CISM, or Security+ Experience with GRC platforms such as CSAM or eMASS, and SharePoint-based workflows Familiarity with continuous monitoring and cloud compliance frameworks such as FedRAMP Experience with metrics and reporting tools such as Power BI Clearance Requirement: All candidates must be eligible to obtain a U.S. Public Trust clearance **This hybrid role requires a minimum of three on-site days per week in Washington, DC.** Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors. SAIC accepts applications on an ongoing basis and there is no deadline. Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site. Overview SAIC is a premier Fortune 500 technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com . For ongoing news, please visit our newsroom. Please apply through the internal career site here > Didn't find what you were looking for? Join our Talent Network to receive monthly updates on jobs, events, benefits and more! #J-18808-Ljbffr SAIC

Job Tags

Similar Jobs