Audit and Risk Management Lead

Job ID: 2501477

Location: WASHINGTON, DC, US

Date Posted: 2025-02-04

Category: Cyber

Subcategory: Cybersecurity Spec

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: None

Clearance Level Must Be Able to Obtain: Public Trust

Potential for Remote Work: No

Description

SAIC is looking for an Audit and Risk Management Lead to join our team supporting an important US government agency in the National Capital Region. This is an exciting opportunity to work with a team responsible for IT Security Risk and Compliance support by providing direct support to the Information System Security and Privacy Officer (ISSPO) in managing and documenting the ongoing security posture of the agency. The Audit and Risk Management Lead will support IT management with POA&M and Audit management activities. Specifically, this job requires the following:

• Support IT Governance, Risk and Compliance (GRC) and Audit activities.

• Manage day-to-day audit support activities, including providing PBCs, scheduling walkthroughs, and developing audit briefings.

• Develop and deliver audit programs and training to improve consistency and quality.

• Build strong relationships with clients and internal departments to understand IT security challenges and opportunities.

• Support the creation of audit management best practices, tools, and drive audit remediation efforts.

• Lead responses to audits by OIG and other agencies (e.g., IRS, DHS).

• Write narratives, gather, and vet evidence to formally close audit recommendations.

• Review IT security artifacts for submission to federal leadership and auditing agencies (e.g., Office of Inspector General).

• Oversee the creation, execution, and closure of POAMs (Plans of Action and Milestones).

• Identify and analyze issues from control assessments and audit reports requiring remediation.

• Lead audit finding analysis and collaborate with SMEs to identify possible solutions.

• Collaborate with stakeholders and SMEs to develop milestones.

• Support IT GRC activities, including management of standards, approvals, and waivers.

• Provide project management support by preparing status reports, briefings, schedules, and project plans.

• Oversee security impact analysis, risk assessments, and acceptance processes.

• Support the revision of security artifacts in collaboration with SMEs to accurately represent the agency’s security posture.

• Coordinate and lead cross-team activities to develop comprehensive responses to audit requests, including creating detailed presentations with cross-functional teams.

Qualifications

Education and Experience:

• Undergraduate degree with 9 years of experience, or Master’s degree with 7 years of experience, or PhD/JD with 4 years of experience.

• At least 2 years of supporting or performing IT security audits.

• Experience managing three or more direct reports.

Certifications:

• Professional certification such as CISSP or CISA.

Technical and Knowledge Requirements:

• Strong understanding of NIST Special Publications, including NIST SP 800-53, FISMA, and other audit and security standards.

• Familiarity with OMB circulars A-123 and A-130, FMFIA, and FISCAM processes and procedures.

• Ability to stay current on information technology trends and security standards.

Skills and Abilities:

• Strong time management, multitasking, and attention to detail.

• Proven leadership skills with experience managing diverse teams.

• Excellent collaboration, team-building, and customer service focus.

• Demonstrated ability to run effective meetings and secure buy-in from executive leaders.

• Ability to adapt to changing environments and deadlines, maintaining consistent service.

• Effective communication skills (oral and written) across all levels, with the ability to present technical content clearly to non-technical audiences.

• Ability to work with highly technical content, both preparing and comprehending complex material.

• Strong analytical and problem-solving skills to assess risks and develop solutions.

• Proficiency with Microsoft Office (Word, Excel, Visio, PowerPoint, MS Project) and SharePoint.

• Ability to review and provide constructive feedback on work products to ensure high-quality deliverables with minimal revisions.

• Understanding of and technical experience in IT platforms such as Microsoft, Cisco, Oracle, etc.

• Understanding of SharePoint lists and workflows which are heavily utilized in this environment.

Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.