Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of FISMA, the NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance. Experience performing FISMA, OMB Circular A-123, or similar internal control assessments is nice to have. Experience remediating and implementing IT controls is beneficial. Experience testing or remediating some or all of the following IT controls topic areas is preferable. This position could be a G08 or G09 DOE.
* Access and account management, including authorization, provisioning, recertification, and separation
* Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege
* Technical account management controls, such as password length, complexity, and expiration
* Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review
* Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks
* Change management, including authorization, development, testing, and deployment of changes
* Contingency planning, including backups, testing of backups, and alternate sites
Responsibilities include some or all of the following:
* Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
* Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
* Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing, such as security plans, SOPs, system screenshots, and system configuration settings
* Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgment
* Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
* Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
* Planning and executing day-to-day activities of IT controls assessments individually and for the team
* Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
* Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
This role supports client work contractually requiring a Public Trust clearance.
* This position requires successful completion of a background check and employment verification.
The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.
Governance, Risk and Compliance Security Consulting Practice. You will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting. Looking for candidates who will:
* Work with Federal (and potentially commercial) clients in the role of Independent Security Consultant and Assessor
* Plan and perform security assessments by evaluating network and security technologies
* Verify system, application, or business security by performing security assessments, code reviews, and configuration and network design reviews
* Interview key stakeholders across the client organization to support security assessments
* Support and guide information risk and security discussions with technical and non-technical groups
* Analyze client security programs for maturity and performance relative to industry-accepted best practices
* Develop recommendations for remediating risk and compliance gaps
* Evaluate information security risk in business environment controls and industry requirements
* Provide client guidance on information security best practices
* Follow standard methodologies for evaluating industry security controls based on formalized security frameworks
* Execute in highly demanding, fast-paced environments with tight deadlines
* Draft deliverable documentation to meet client security needs
* Create security roadmaps for client security program development and improvement
* Support GRC Practice and firm initiatives
GRC Security Consultant & Assessor
* BA/BS in information technology or a related field preferred
* 4+ years of experience in security governance, risk assessments, and regulatory/controls work
* Federal experience preferred
* Experience with and understanding of industry security tools, including Splunk, RSA Archer, etc.
* Experience at a professional consulting services firm a plus
* Experience with the evolving security and privacy controls environment, regulatory landscape, and risk management techniques, principles, and practices
* Must be able to assess clients against a wide variety of security and compliance frameworks (NIST 800-53, 800-37, 800-171, and CSF; FISMA; FedRAMP; HIPAA; etc.)
* Experience with the development and implementation of information security policies, standards, and related procedures for security programs
* A solid understanding of IT security technologies, including network and application security, firewalls, access management, and data protection
* Strong written and verbal communication skills, including the ability to explain technical matters to a non-technical audience
* Ability to clearly document assessment results
* Ability to take a proactive approach in building, maintaining, and expanding client relationships
* Knowledge of cloud security processes and technologies
* Ability to work both independently and as part of a team
* General understanding of the federal contracting environment
Requires at least one of the following:
* Security+
* CISSP
* CSIRC
* CISA
* Bachelor's degree in Computer and Information Systems, Engineering, Science, or Mathematics with 6+ years' concentration in an Information Assurance role, or equivalent experience
* Additional work experience may be considered in lieu of education
* This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization.
140821 Business Unit Profile
Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics, and automation allows us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges, from the cyber domain to automated operations, and from intelligent transportation and training solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries and is headquartered in Dulles, Virginia. The business area generated $6.2 billion in 2018 revenues. As a global business, our leaders must have the ability to understand, embrace, and operate in a multicultural world, in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.
None / Not Required
VA - Dulles
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Raytheon is a global company that specializes in defense and other government markets.