Leidos is seeking an Information Security Governance Principal to join our Corporate Information Security Group. This position can be supported from Gaithersburg - MD, Reston - VA, or Orlando - FL with occasional telework arrangements at supervisor's discretion.
In this role, you will report directly to the Director of Cybersecurity Governance and work within our Computer Information Security (CIS) department to define and communicate cyber governance and compliance priorities. You will be responsible for providing expert guidance on Cybersecurity governance and compliance, process improvement, reporting and metrics at the enterprise level. You will also be responsible for establishing and implementing a framework and process for continual oversight to ensure Cybersecurity Governance compliance with internal and external regulations, policies and laws on a global scale. In addition, the role will be responsible for monitoring compliance against requirements, reporting issues and working to identify remediation options and solutions.
- Implement the Leidos Cybersecurity Governance framework and process for continual compliance with internal and external regulations, policies and laws
- Track progress of adoption, maturity and degree of compliance through governance processes and dashboard metrics/KPIs
- Ensure completeness of governance controls and documentation
- Ensure any new controls and processes are integrated into the CIS Governance Framework
- Lead or participate as needed in cross-functional teams to integrate processes (change, risk management, governance, etc.) in support of CIS Governance and operational aspects of the business
- Proactively track, challenge and drive to closure all Cybersecurity owned issues (e.g. audit findings) and maintain oversight
- Define and communicate Cybersecurity governance and compliance priorities
- Establish and maintain regular written and in-person communications pertinent to Cybersecurity governance and security activities
- Help develop, maintain, evaluate and implement policies and procedures in line with both business requirements and national and international legislative changes
- Work with Line, Cyber and IT personnel to ensure awareness of, and alignment with, ongoing industry and best-practice compliance obligations
- Bachelor's degree in Information Systems or a related field and minimum 8 years of Cybersecurity or Information Security related experience. Additional years of relevant experience and / or professional certifications will be considered in lieu of Bachelor's degree.
- Demonstrated knowledge and operational understanding of Cybersecurity Laws and regulations in both the U.S. and abroad impacting data protection and the confidentiality, integrity and availability of systems and data including NIST Cybersecurity Framework (CSF), NIST Special Publication 800-171 (DFARS), NIST Special Publication 800-53, ISO 27001, GDPR, etc.
- Excellent oral and written communication skills with an ability to translate security and operational controls or gaps into residual risk and identify mitigations.
- Strategic mindset and demonstrated ability to understand leadership's long-term vision and translate it into near-term plans that achieve strategic goals.
- Strong interpersonal skills and professionalism to foster collaboration on resolution of compliance gaps and issues.
- Ability to build strong partnerships and relationships with organizational entities outside of CIS.
- Strong understanding, experience and knowledge of DevOps and DevSecOps concepts.
- Experience with activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements consistent with common frameworks e.g., NIST.
- US citizenship is required, along with the ability to obtain a security clearance.
- Certification(s): Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA), or Certified Information Privacy Professional (CIPP), or Federal Information Technology Specialist (FITSP)