Description
Description
SAIC is seeking a Cybersecurity Risk and Compliance Lead to support a critical U.S. government agency in the National Capital Region. This mid-to-senior level hybrid role is responsible for leading the Audit Support and Risk Management workstream within the agency's infrastructure operations department's Governance, Risk, and Compliance (GRC) program. The role includes full lifecycle audit support, including preparing for audits, supporting interactions while auditors are onsite, and coordinating follow-up actions after the audit concludes. In addition, the position involves managing POA&M and risk documentation, contributing to formal reporting deliverables, and working across technical and business stakeholders to maintain a strong cybersecurity compliance posture.
The ideal candidate will bring experience with NIST-based frameworks such as RMF and SP 800-53, federal audit coordination, and the ability to work across multidisciplinary teams to support risk-based decisions and ongoing compliance.
Responsibilities:
· Lead coordination of the audit lifecycle, including planning, evidence collection, engagement with auditors, and tracking post-audit activities across stakeholders
· Review and analyze audit findings, monitor remediation progress, and prepare closure documentation and status reports for senior leadership
· Coordinate walkthroughs, compile and quality-assure audit artifacts, and manage the response to data requests from internal stakeholders and external entities
· Oversee or support the development, review, and tracking of Plans of Action and Milestones (POA&Ms), ensuring remediation efforts are timely, well-documented, and technically sound
· Prepare or contribute to recurring compliance reports, including POA&M status summaries, security control implementation tracking, artifact expiration monitoring, audit-related data call summaries, and cloud service posture updates
· Collaborate with SMEs to develop risk acceptance proposals, including justification of business needs, mitigation strategies, and documentation for Authorizing Officials
· Support Security Impact Analyses (SIAs) by identifying affected NIST controls and evaluating risks in collaboration with technical teams
· Facilitate or perform in-depth risk assessments of systems to identify vulnerabilities and develop mitigation recommendations
· Review and maintain system security documentation such as SSPs, architecture diagrams, and boundary definitions as part of the agency's continuous monitoring program
· Ensure compliance with NIST SP 800-53, RMF, FISMA, and agency-specific requirements by engaging with stakeholders to align operational practices
· Review and analyze audit findings, monitor remediation progress, and prepare closure documentation and status reports for senior leadership
· Contribute to IT governance processes by supporting security waiver requests, coordinating risk acceptance reviews, and assisting in the evaluation of standards and exception justifications
· Support synchronization and accuracy of security data across agency tools to ensure alignment of documentation and reporting
· Identify and document security and privacy weaknesses, assess associated risks, and contribute to the development and maintenance of agency's Master Issue Resolution Log (IRL) in collaboration with SMEs
· Contribute to tool and workflow improvements, such as dashboards, that enhance the effectiveness of risk and compliance operations
Qualifications
Requirements:
• Bachelor's degree and 7 or more years of cybersecurity, risk, or compliance experience, or a Master's degree and 5 or more years
• At least 3 years of experience managing POA&Ms, audit coordination, or risk documentation in a federal IT environment
• Strong working knowledge of NIST frameworks such as SP 800-53 and RMF, FISMA, and federal audit processes including OMB A-123 and FISCAM
• Excellent communication and collaboration skills to work with SMEs, system owners, and auditors
• Ability to interpret technical security risks and clearly explain them to both technical and non-technical audiences
• Proficiency in Microsoft Office applications including Word, Excel, PowerPoint, and SharePoint
Preferred Qualifications:
• Certification such as CISSP, CISA, CISM, or Security+
• Experience with GRC platforms such as CSAM or eMASS, and SharePoint-based workflows
• Familiarity with continuous monitoring and cloud compliance frameworks such as FedRAMP
• Experience with metrics and reporting tools such as Power BI
Clearance Requirement:
All candidates must be eligible to obtain a U.S. Public Trust clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
Apply on company website
Find Connections via Linkedin
