Job Details
Location:
Herndon Road, Tuckahoe, Henrico County, Virginia, 23229, USA
Posted:
Dec 02, 2019
Job Description
Description: Lockheed Martin Corporate Information Security (CIS) is seeking a Cyber Governance, Risk and Compliance (GRC) Analyst with systems engineering, communications, cyber and technology experience. The analyst must be knowledgeable about information technology and security principles. This is a multi-tasking environment that demands customer service, communication, and organizational skills.
This role focuses on identifying, assessing and mitigating cyber risk for the enterprise. This role will work with individuals from a variety of technical and functional disciplines to guide cyber GRC to the business area, subsidiary and supplier domain. Work location at a major U.S. Lockheed Martin site is required.
Supports the development and review of technical solutions, standards and proposals. Develops and reviews technical success criteria for major milestones, control gates and significant review points.
Must be willing to work flexible hours and be able to travel as required.
The position is additionally responsible for, but not limited to, the following:
• Oversee day-to-day information system security operations including data and software validations.
• Establish effective working relationships with the other components of CIS, Enterprise IT, Business Area (BA) IT leadership, BA Information Security Officer (ISO) teams, and customers
• Support the coordination, planning, sustaining and implementation activities for the cyber GRC applications.
• Evolve the capabilities of LM’s cyber GRC tool by evaluating user requirements against system capabilities.
• Support testing, design, and implementation.
• Follow established change control and configuration management processes; support production deployment.
• Process improvement and documentation supporting both technical and functional activities.
• Provide first-level support and training to end-users allowing them to fully leverage the cyber GRC applications
• Respond to and update IT Service Management (ITSM) incidents and requests in a timely manner.
• Ensure the development, documentation, and presentation of security education, awareness, and training activities for users and others, as appropriate.
• Apply cyber security standards, directives, guidance and policies
• Ensure system security measures comply with applicable government policies, laws, and regulations; provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.
Basic Qualifications:
• Bachelor’s degree in engineering, computer science, cybersecurity, telecommunications, information systems, or a related field from an accredited college or university
• Ability to obtain and maintain a DoD clearance
• Solid understanding of cybersecurity principles
• Demonstrated effective interpersonal and communication skills (written and oral)
• Provide first-level support and training to end-users allowing them to fully leverage the cyber GRC applications
• Respond to and update IT Service Management (ITSM) incidents and requests in a timely manner.
• Ability to work in a team environment as well as independently, demonstrate excellent problem-solving abilities, be well organized, flexible, and self-motivated.
• Ability to work across organizational lines and with customers and suppliers, within the U.S. and internationally
• Ability to work in a virtual environment, effectively utilizing collaboration tools to interact with geographically dispersed team members and stakeholders
• Familiarity with agile software development process
Desired Skills:
• Experience with risk-based security engineering
• Knowledge of Cyber Security risk management processes
• Knowledge of Governance, Risk and Compliance strategies and tools
• Experience with Enterprise Splunk
• Experience with Software Development Life Cycle (SDLC) and Software Testing Life Cycle (STLC)
• Solid understanding of cybersecurity principles
• Familiarity with associated external directives, regulations, and controls, such as DFARS 7012 and NIST 800-171, NIST 800-53, RMF, FedRAMP, and ISO 27001/27002
• Familiarity with the Galvanize (R-Sam) platform
• Experience with cloud platforms such as AWS, Microsoft Azure, OpenStack, Docker and others
• Demonstrated experience utilizing agile frameworks for project lifecycle
• Recognized security certification (CISSP or others)
• Current active DOD Secret clearance