Compliance Security Lead
6314 Remote/Teleworker US
Leidos has an immediate need for a Compliance Security Lead, contingent upon contract award.
The Compliance Security Lead will lead the implementation and improvement of administrative and technical controls of the Information Security Management System for the program. The selected candidate will create and deploy the corporate governance framework for cybersecurity risk, including identifying risks and awareness, and provide briefings to senior leaders to advise them of critical issues that may affect business or security posture. Help conduct security and privacy assessments. Assess and create and execute remediation plan for the same.
Role will be hybrid. Must be local to the DC Metro area for onsite meetings in Reston, Rockville, Silver Spring or DC.
Be US Citizen or US Person (Green Card Holder) with the ability to obtain a level 5 Public Trust Clearance.
Primary Responsibilities
- Lead projects, define priorities, and articulate tradeoffs as you advocate for continually improving the state of our information security and IT compliance functions
- Lead, support, and mentor security and compliance teams in secure development practices
- Act as a security and compliance subject matter expert and resource within the broader organization
- Develop and lead strategies for the governance, risk and compliance functions across the company that support transformation of the security function
- Ensure exposure to cybersecurity risks are identified and managed at an acceptable level
- Maintain a security risk registry with clearly defined owners and timelines for each risk
- Lead, coordinate, track and report all cybersecurity-related external assessments and internal audits including action plans and responses
- Lead and deliver security training and awareness programs
- Drive continuous improvement across all aspects of managing product security vulnerability reports and inquiries, communicating product security information to customers amongst other customer-related issues
- Build solid working relationships with business stakeholders to maintain and improve product and application security processes
- Interacting with project management team members and vendors on application projects
- Implement and remediating security weaknesses, audit user system activity, perform security exercises, coordinate and perform all Authority to Operate (ATO) activities and related documentation requirements.
Basic Qualifications
- BS degree in Computer Science or related technical field and 7 years of prior relevant experience
- Leadership experience in cybersecurity
- Ability to obtain a Public Trust Clearance
- Good understanding of popular application security standards including OWASP TOP 10 and SANS TOP 25
- Strong understating of Single Sign-on (SSO) and Multi-factored authentication (MFA)
- Knowledge/experience in data protection tools and techniques
- Knowledge/experience in identity access management tools and common networking protocols
- Act as a security and compliance subject matter expert and resource within the broader organization
- Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences
- Knowledge of NIST security controls and Risk Management Framework, Zero Trust Models and awareness and training programs
Preferred Qualifications
- Certifications such as: CISSP, CISM or CISA is desired
- Static Code Analysis, DAST Penetration Testing, Intrusion Detection/Prevention, etc.
- Previous experience in software development and/or cloud infrastructure operations.
- Cloud Security and/or Networking Professional certification.
hhsfda
Original Posting Date:
2024-10-30While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $101,400.00 - $183,300.00The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
ApplyJob Profile
Ability to obtain a public trust clearance Hybrid role Must be local to DC metro area Must be US citizen or green card holder Remote/Teleworker US US Citizen or US Person
Benefits/PerksContinuous improvement Hybrid work Onsite meetings Public trust clearance Training Trust
Tasks- Analysis
- Conduct security assessments
- Continuous Improvement
- Coordinate audits
- Deliver security training
- Develop
- Develop governance framework
- Development
- Documentation
- Drive continuous improvement
- Implement
- Lead implementation of security controls
- Lead projects
- Manage cybersecurity risks
- Mentor security teams
- Project management
- Risk Management
- Security management
- Software development
- Testing
Analysis Application Security Audit Cloud Cloud Infrastructure Cloud Security Code Analysis Communication Compensation Compliance Computer Computer Science Continuous Improvement Cybersecurity Data Data Protection Documentation Education Governance Governance Framework Identity Access Management Implementation Information security Infrastructure Internal Audits Intrusion Detection IT IT compliance Leadership Management MFA Multi-factor authentication Networking Networking Protocols NIST NIST security controls Operations Organization Penetration Testing Prevention Project Management Remediation Risk Management Risk Management Framework Security Security Controls Security management Security posture Security standards Security Training Single-Sign-On Software Software Development Spring SSO Static Code Analysis Support Teams Technical Testing Training Training Programs Verbal communication Zero trust models
Experience7 years
EducationAS B.S. in Computer Science Business Computer Science Degree Information Security IT Related technical field Science Security Software Development Technical Technical field
CertificationsCISA CISM CISSP NIST Privacy Professional certification Project Management Public Trust Public Trust clearance SANS
TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9