IT Risk and Compliance Specialist Senior Principal

Type Of Requisition:

Regular

Clearance Level Must Currently Possess:

None

Clearance Level Must Be Able to Obtain:

None

Public Trust/Other Required:

None

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

Information Security, Information Technology (IT) Risk, Information Technology (IT) Risk Management

Certifications:

None

Experience:

8 + years of related experience

Us Citizenship Required:

No

Job Description:

Transform technology into opportunity as an IT Risk and Compliance Specialist Senior Principal with GDIT.  A career in enterprise IT means connecting and enhancing the systems that matter most. At GDIT you’ll be at the forefront of innovation and play a meaningful part in improving how agencies operate.

GDIT's Technology Shared Services (TSS), Governance, Risk, and Compliance (GRC) team is seeking an experienced IT Risk and Compliance Specialist Senior Principal. Our team provides services across GDIT programs to ensure the confidentiality, integrity, and availability of information systems while supporting compliance with relevant regulations and standards.

This role requires a highly knowledgeable self-starter to independently manage the full Risk Management Framework (RMF) lifecycle for multiple systems concurrently. The ideal candidate will operate in a dynamic, high-tempo environment, applying deep expertise in risk management and regulatory compliance to protect critical information assets.

HOW THE IT RISK AND COMPLIANCE SPECIALIST SENIOR PRINCIPAL WILL MAKE AN IMPACT:

• Manage the security posture and authorization lifecycle for multiple cloud and on-premises information systems.
• Conduct continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and security control assessments.
• Develop, maintain, and update security documentation, including System Security Plans (SSPs), Plan of Action & Milestones (POAMs), and Risk Assessment Reports (RARs).
• Periodically assess the risk to organizational operations (mission, functions, image, reputation) and organizational assets in accordance with organizational risk management policies.
• Proactively monitor emerging security threats and technology advancements to recommend and implement process and tools improvements. to contribute
• Ensure system compliance with NIST special publications, FedRAMP requirements, DISA STIGs, and CIS Benchmarks.
• Assess and mitigate system vulnerabilities; track remedial actions to closure.
• Support incident response, contingency planning, and disaster recovery efforts.
• Serve as the primary security advisor to system owners, developers, and administrators.
• Interface with auditors and assessors during security control assessments and authorization events.
• Provide security-focused input for new business proposals and solutions.

Key Responsibilities:

• Act as a subject matter expert on information security topics and provide guidance to management and staff
• Oversee the identification, assessment, and mitigation of IT risks across GDIT’s and our customer’s information technology systems environments
• Facilitate and collaborate RMF steps with data owners, system owners, authorizing officials, and technical teams to prepare, categorize, select, implement, assess, authorize and monitor privacy and security controls in accordance with organizational risk policy.
• Ensure compliance with applicable regulatory requirements and policies
• Lead the development and execution of IT risk management and compliance strategies
• Develop, implement, and maintain IT risk and compliance processes, procedures, and standards
• Collaborate with IT and other departments to design and implement security controls for new and existing systems
• Maintain and update security documentation, including System Security Plans (SSPs), Cyber Security Environment and Program Requirements “Security Controls Workbook”, Architecture Diagrams, Risk Assessments, Plan of Action and Milestones (POA&Ms), and other AO/AODR required documents, etc.
• Monitor and analyze information systems for security incidents to identify vulnerabilities and propose solutions
• Conduct regular security assessments and audits to evaluate the effectiveness of information system security controls,
• Review vulnerability and compliance scan reports, and other relevant security reports and alerts for assigned systems
• Support incident response activities, including investigation, containment, and recovery efforts and annual incident response testing
• Lead incident response efforts for IT security and compliance breaches
• Collaborate with IT, legal, and business teams to address and resolve IT risk and compliance issues
• Provide guidance and recommendations to senior management on IT risk and compliance matters
• Train and mentor staff on IT risk management and compliance best practices
• Support business development recommending solutions, contributing to responding to Request for Proposals (RFPs), and providing input for costing/pricing
• Stay current with industry trends, regulatory changes, and emerging risks in the IT landscape

What You’Ll Need To Succeed:

• Education: Technical training, certificate, or degree in information/cyber security or a related field
• Experience: Minimum of 8+ years of experience in IT risk management, IT compliance, or information security, with a significant portion in a leadership role (e.g., ISSO, ISSE, ISSM)
• Certifications: At least one of the of the following: CISSP, CISM, and/or CISA
• Experience managing security projects as well as delivering and supporting customer security requirements
• Comprehension of change and configuration management and security impact analysis
• Excellent problem-solving, analytical, and communication skills
• Ability to effectively collaborate across multi-functional teams
• Demonstrated experience performing complex technical tasks with minimal direction
• Possesses experience with communicating and presenting technical solutions and status to executives, key stakeholders and decision makers
• Experience with security tools and technologies (e.g., Firewalls, VPNs, SIEM, End Point Protection, Vulnerability & Compliance Scanning, Identity & Access Management)
• Strong understanding of security boundary protection strategies to include Intrusion Detection/Prevention devices, compensating controls, and firewall rules
• Experience supporting new business opportunities developing solutions, participating in oral presentations, and supporting costing / pricing

Knowledge Of:

• IT risk management frameworks and regulatory requirements (e.g., NIST, ISO 27001, COBIT, FISMA)
• Security and privacy controls (e.g., CIS Level 2, DISA STIG)
• GDIT Cyber Security Handbook (for internal candidates)
• Security authorization process (e.g., FedRAMP, DoD)
• Security audits and associated processes
• Contingency planning and disaster recovery

Preferred Qualifications:

• Ability to obtain and maintain a Top Secret security clearance
• Proven track record of successfully managing large-scale IT risk and compliance programs
• Additional relevant certifications such as CISA, CISSP, CISM, CGRC, and/or CRISC
• Familiarity with security management tools (e.g., Splunk, CrowdStrike, Qualys, Tenable, Enterprise Mission Assurance Support Service (eMASS). Archer, etc.)
• Experience with Microsoft Office Products, Adobe Pro, Visio, JIRA, ServiceNow
• Experience in a government or highly regulated environment (e.g., Department of Defense, Federal Civilian, Federal Health, Department of Homeland Security)
• Knowledge of cloud security best practices and technologies
• Experience with security automation and orchestration

Location: Hybrid at Bossier City, LA or Falls Church, VA. Candidates in Louisiana, District of Columbia, Maryland, or Virginia who are not within range of GDIT's offices in Bossier City or Falls Church may be considered for remote work.

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.

• Growth: AI-powered career tool that identifies career steps and learning opportunities
• Support: An internal mobility team focused on helping you achieve your career goals
• Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• Flexibility: Full-flex work week to own your priorities at work and at home
• Community: Award-winning culture of innovation and a military-friendly workplace
• OWN YOUR OPPORTUNITY
• Explore a career in cyber at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your focus on defending and protecting what matters.

The likely salary range for this position is $131,750 - $178,250. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

Less than 10%

Telecommuting Options:

Hybrid

Work Location:

USA LA Bossier City

Additional Work Locations:

USA DC Home Office (DCHOME), USA LA Home Office (LAHOME), USA MD Home Office (MDHOME), USA VA Falls Church, USA VA Home Office (VAHOME)

Total Rewards At Gdit:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.Join our Talent Community to stay up to date on our career opportunities and events at

Gdit.Com/Tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans