Senior Principal Cybersecurity Compliance

Job Category: Cyber Security
Yes, 10% of the time
Day Job
Leidos' Computer Information Security Office (CISO) is seeking a Senior Principal, Cybersecurity Risk Management Compliance, to serve as the subject matter expert in this field across Leidos, reporting directly to the VP of Cybersecurity Risk Management.
In this role, you will be responsible for risk management, governance, and NIST/DFARS compliance, and you will function as the technical security and compliance subject matter expert (SME) ensuring that the operational, technical, and privacy/security controls required by NIST SP 800-171 (the standard DFARS 252.204-7012 mandates for covered defense information) are implemented and adhered to. This may involve creating a business case, defining the requirements using approaches such as use cases, and then decomposing those requirements to a level of detail sufficient for the implementation team to act on.
You must be able to communicate effectively with executive leadership (internal or client) on matters of significant importance to the organization or project, and work to persuade others to accept the function's position and current practices as well as new concepts, practices, and approaches. You will also influence the development of solutions that affect strategic project/program goals and business results.
We are looking for someone with a "can do" attitude, the willingness and ability to embrace challenges as they arise, and the ability to engage quickly on multiple top priorities. This role will provide recommendations on how Leidos IT and business functions will support NIST/DFARS compliance by analyzing and measuring the effectiveness of existing IT and IT security business processes and technologies, and by developing implementable and sustainable solutions.
- Translate NIST/DFARS compliance requirements and business drivers into requirements, and translate those requirements into actionable tasks
- Communicate with business and technical staff
- Track and manage use cases and/or requirements across the program life cycle
- Identify the impacts of system changes
- Document requirements, use cases, and user impact statements as deliverable work artifacts
- Perform ongoing monitoring of compliance with NIST SP 800-171 documentation requirements to provide timely detection, identification, and alerting of non-compliance issues
- Provide expertise, guidance, and recommendations on developing and improving NIST SP 800-171 related documents and templates, including configuration management plans, incident response plans, Plans of Action and Milestones (POA&M), risk assessments, and System Security Plan (SSP) control implementation statements

- Master’s degree and minimum 15 years of relevant experience, or Bachelor's degree and minimum 17 years of relevant experience.
- Proven experience translating business drivers into requirements and translating those requirements into actionable tasks
- Excellent communication with business and technical staff
- Experience presenting conceptual representations of processes and ‘business as usual’ activities as trackable milestones
- Experience tracking and managing use cases and/or requirements from program inception to completion
- Experience with identifying impacts of system changes and documenting requirements, use cases, user impact statements into deliverable work artifacts
- Experience with NIST SP 800-171/DFARS or ISO 27001 related activities, including system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plans of Action and Milestones (POA&M), and training requirements
- Experience applying NIST SP 800-171 risk management principles, interpreting requirements, and developing implementation guidance
- Experience implementing requirements and guidance, and writing policies, procedures, guidance, standards, and instructional materials

- Active Secret clearance
- Experience with cyber security measures and configurations on a variety of hardware and software tools – firewalls, routers, password protections, encryption methods, Active Directory groups, LAN/WAN/WiFi, mobile devices.
- Demonstrated experience as an analyst within either Enterprise Business Systems or Engineering projects
- A Master's degree in Information Systems, Information Technology, Business, or Management is preferred
- Knowledge of existing Leidos IT and CIS systems
- Ability to adapt in response to shifts in corporate direction
- Familiarity with both engineering and development projects
- Experience with PCI DSS, PII protection, and HIPAA requirements and related remediation
- Security+ or CISSP Certification

Leidos Overview:
Leidos is a global science and technology solutions leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported pro forma annual revenues of approximately $10 billion for the fiscal year ended January 1, 2016 after giving effect to the recently completed combination of Leidos with Lockheed Martin's Information Systems & Global Solutions business (IS&GS). For more information, visit www.Leidos.com. Qualified women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant laws. Leidos is an Equal Opportunity Employer.