Overview
On Site
USD 120,001.00 - 160,000.00 per year
Full Time
Skills
Risk Management
Security Controls
Impact Analysis
Risk Assessment
System Security
NIST SP 800 Series
Status Reports
Leadership
IT Governance
Evaluation
Privacy
Issue Resolution
Dashboard
Cyber Security
Management
Documentation
RMF
Risk Management Framework
FISMA
Auditing
OMB
FISCAM
Communication
Collaboration
Microsoft Office
Microsoft Excel
Microsoft PowerPoint
CISSP
CISA
CISM
Security+
SAP GRC
eMASS
Workflow
Continuous Monitoring
Cloud Computing
Regulatory Compliance
FedRAMP
Reporting
Microsoft Power BI
Security Clearance
SAP BASIS
Information Technology
Systems Engineering
FOCUS
Job Details
Job ID: 2505658
Location: WASHINGTON, DC, US
Date Posted: 2025-05-14
Category: Cyber
Subcategory: Cybersecurity Spec
Schedule: Full-time
Shift: Day Job
Travel: No
Minimum Clearance Required: None
Clearance Level Must Be Able to Obtain: Public Trust
Potential for Remote Work: Yes
Description
SAIC is seeking a Cybersecurity Risk and Compliance Lead to support a critical U.S. government agency in the National Capital Region. This mid-to-senior level hybrid role is responsible for leading the Audit Support and Risk Management workstream within the agency's infrastructure operations department's Governance, Risk, and Compliance (GRC) program. The role includes full lifecycle audit support, including preparing for audits, supporting interactions while auditors are onsite, and coordinating follow-up actions after the audit concludes. In addition, the position involves managing POA&M and risk documentation, contributing to formal reporting deliverables, and working across technical and business stakeholders to maintain a strong cybersecurity compliance posture.
The ideal candidate will bring experience with NIST-based frameworks such as RMF and SP 800-53, federal audit coordination, and the ability to work across multidisciplinary teams to support risk-based decisions and ongoing compliance.
Responsibilities:
Lead coordination of the audit lifecycle, including planning, evidence collection, engagement with auditors, and tracking post-audit activities across stakeholders
Review and analyze audit findings, monitor remediation progress, and prepare closure documentation and status reports for senior leadership
Coordinate walkthroughs, compile and quality-assure audit artifacts, and manage the response to data requests from internal stakeholders and external entities
Oversee or support the development, review, and tracking of Plans of Action and Milestones (POA&Ms), ensuring remediation efforts are timely, well-documented, and technically sound
Prepare or contribute to recurring compliance reports, including POA&M status summaries, security control implementation tracking, artifact expiration monitoring, audit-related data call summaries, and cloud service posture updates
Collaborate with SMEs to develop risk acceptance proposals, including justification of business needs, mitigation strategies, and documentation for Authorizing Officials
Support Security Impact Analyses (SIAs) by identifying affected NIST controls and evaluating risks in collaboration with technical teams
Facilitate or perform in-depth risk assessments of systems to identify vulnerabilities and develop mitigation recommendations
Review and maintain system security documentation such as SSPs, architecture diagrams, and boundary definitions as part of the agency's continuous monitoring program
Ensure compliance with NIST SP 800-53, RMF, FISMA, and agency-specific requirements by engaging with stakeholders to align operational practices
Contribute to IT governance processes by supporting security waiver requests, coordinating risk acceptance reviews, and assisting in the evaluation of standards and exception justifications
Support synchronization and accuracy of security data across agency tools to ensure alignment of documentation and reporting
Identify and document security and privacy weaknesses, assess associated risks, and contribute to the development and maintenance of the agency's Master Issue Resolution Log (IRL) in collaboration with SMEs
Contribute to tool and workflow improvements, such as dashboards, that enhance the effectiveness of risk and compliance operations
Qualifications
Requirements:
Bachelor's degree and 7 or more years of cybersecurity, risk, or compliance experience, or a Master's degree and 5 or more years
At least 3 years of experience managing POA&Ms, audit coordination, or risk documentation in a federal IT environment
Strong working knowledge of NIST frameworks such as SP 800-53 and RMF, FISMA, and federal audit processes including OMB A-123 and FISCAM
Excellent communication and collaboration skills to work with SMEs, system owners, and auditors
Ability to interpret technical security risks and clearly explain them to both technical and non-technical audiences
Proficiency in Microsoft Office applications including Word, Excel, PowerPoint, and SharePoint
Preferred Qualifications:
Certification such as CISSP, CISA, CISM, or Security+
Experience with GRC platforms such as CSAM or eMASS, and SharePoint-based workflows
Familiarity with continuous monitoring and cloud compliance frameworks such as FedRAMP
Experience with metrics and reporting tools such as Power BI
Clearance Requirement:
All candidates must be eligible to obtain a U.S. Public Trust clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.