Compliance Security Lead

Leidos has an immediate need for a Compliance Security Lead, contingent upon contract award.

The Compliance Security Lead will lead the implementation and improvement of administrative and technical controls of the Information Security Management System for the program. The selected candidate will create and deploy the corporate governance framework for cybersecurity risk, including identifying risks and awareness, and provide briefings to senior leaders to advise them of critical issues that may affect business or security posture. Help conduct security and privacy assessments. Assess and create and execute remediation plan for the same.

Role will be hybrid. Must be local to the DC Metro area for onsite meetings in Reston, Rockville, Silver Spring  or DC.

Be US Citizen or US Person (Green Card Holder) with the ability to obtain a level 5 Public Trust Clearance.

Primary Responsibilities

• Lead projects, define priorities, and articulate tradeoffs as you advocate for continually improving the state of our information security and IT compliance functions
• Lead, support, and mentor security and compliance teams in secure development practices
• Act as a security and compliance subject matter expert and resource within the broader organization
• Develop and lead strategies for the governance, risk and compliance functions across the company that support transformation of the security function
• Ensure exposure to cybersecurity risks are identified and managed at an acceptable level
• Maintain a security risk registry with clearly defined owners and timelines for each risk
• Lead, coordinate, track and report all cybersecurity-related external assessments and internal audits including action plans and responses
• Lead and deliver security training and awareness programs
• Drive continuous improvement across all aspects of managing product security vulnerability reports and inquiries, communicating product security information to customers amongst other customer-related issues
• Build solid working relationships with business stakeholders to maintain and improve product and application security processes
• Interacting with project management team members and vendors on application projects
• Implement and remediating security weaknesses, audit user system activity, perform security exercises, coordinate and perform all Authority to Operate (ATO) activities and related documentation requirements.

Basic Qualifications

• BS degree in Computer Science or related technical field and 7 years of prior relevant experience
• Leadership experience in cybersecurity
• Ability to obtain a Public Trust Clearance
• Good understanding of popular application security standards including OWASP TOP 10 and SANS TOP 25
• Strong understating of Single Sign-on (SSO) and Multi-factored authentication (MFA)
• Knowledge/experience in data protection tools and techniques
• Knowledge/experience in identity access management tools and common networking protocols
• Act as a security and compliance subject matter expert and resource within the broader organization
• Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences
• Knowledge of NIST security controls and Risk Management Framework, Zero Trust Models and awareness and training programs

Preferred Qualifications

• Certifications such as: CISSP, CISM or CISA is desired
• Static Code Analysis, DAST Penetration Testing, Intrusion Detection/Prevention, etc.
• Previous experience in software development and/or cloud infrastructure operations.
• Cloud Security and/or Networking Professional certification.

hhsfda

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.