Risk Analyst - IT Governance, Risk, and Compliance

Herndon USA-VA-Fairfax USA-MA-Westwood, VA
Apr 06, 2017
May 31, 2017
Analyst, IT
Full Time
The Risk Analyst is responsible for supporting the enterprise IT risk management and controllership processes including execution of risk management processes, regulatory control testing and metrics reporting to the GDIT Governance, Risk, and Compliance (GRC) Leader and Chief Information Security Officer (CISO).

Specific responsibilities include:

    Document IT risks across policy, cyber and operations to ensure protection of GDIT assets
    Maintain and regularly update the centralized IT risk registry in support of the enterprise program
    Collaborate with risk owners, process owners and key stakeholders to develop narratives, flow charts and control design effectiveness in support of regulatory control frameworks
    Partner with GRC Leader and/or key stakeholders to provide recommendations to reduce IT risk
    Document risk treatment plans and monitor remediation actions through the Plan of Action & Milestone (POAM) process
    Develop key performance indicator (KPI) / key risk indicator (KRI) metrics and communicate reporting to leadership on a frequent basis
    Provide support to the IT Project Management Office (PMO) processes to ensure risks are proactively discussed and managed
    Support regulatory control framework testing (SOX, NIST 800-53, ISO 27000) and internal/external audit engagements, as deemed necessary
    Perform ad hoc special projects, as deemed necessary

Education: BBA/BS/MS/MBA degree or a related technical discipline, or the equivalent combination of education, professional training or work experience.

    2-5 years of related experience in IT risk management, project management and/or IT governance, risk and compliance (GRC) frameworks
    Working knowledge and/or familiarity with Sarbanes-Oxley, NIST 800-53 and/or ISO 27000
    Relevant industry certifications preferred

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.

GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.