
Vice President, Chief Information Security Officer (CISO) Job


Reston, VA

Job Details

Date: Mar 15, 2018

Location: Reston, VA, US

Company: SAIC

Vice President, Chief Information Security Officer (CISO) (Job Number:433438)


The Chief Information Security Officer (CISO) within SAIC has a dual reporting relationship and is a member of both the Chief Information Officer’s (CIO) leadership team and the Chief Risk Officer’s (CRO) Office of Business Conduct and Excellence (OBCE) organization.

In supporting the OBCE, the CISO will be responsible for developing and implementing an IT security strategy to ensure corporate compliance with applicable legal and regulatory cyber security requirements as well as to otherwise safeguard SAIC’s information systems. The CISO will develop and implement cyber security governance and compliance policies and procedures enterprise-wide. Understanding the IT threat landscape for the industry in general, and for SAIC in particular, will be critical to designing and implementing security measures tailored to addressing threats in a timely, efficient and risk-managed manner. This will include executing enterprise-wide risk assessments and exercises related to cyber security as a leader on the Enterprise Risk Management Committee (ERMC).

Within the Information Technology Office (ITO), the CISO will lead the cybersecurity Governance, Risk and Compliance team (GRC), the Computer Incident Response Team (CIRT) and support the Security Operations Center (SOC) in its 24x7 monitoring and analysis role. The CISO will be responsible for the operations, policy, governance and strategy of SAIC’s Cybersecurity Program, including the active operational protection of enterprise information assets and management of programs and efforts associated with IT security.

This role requires the CISO to work effectively with, and exert positive, timely influence across the enterprise (e.g., legal, security, contracts, procurement, operations and communications) as well as externally with customers, regulators, strategic partners and competitors. The CISO must possess an excellent knowledge of, and background in, IT security technologies and regulations as well as a high level of business acumen and be able to communicate effectively at all corporate levels, including at the executive level.


Office of Business Conduct and Excellence Support:
- Serve as a key member of the Enterprise Risk Management Committee (ERMC).
- Develop, review, oversee and implement identity and access management (IAM) policies, security governance policies, controls and cyber incident response planning.
- Schedule independent security audits and lead cybersecurity exercises.
- Establish and manage a Cyber Risk Assessment program to define, identify, and classify critical assets, assess threats and vulnerabilities to those assets, and implement appropriate safeguards.
- In collaboration with the CRO, CIO and other leaders, ensure corporate technical compliance with all cyber security related statutes, regulations, and industry directives. This includes, but is not limited to, Personally Identifiable Information (PII), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Federal Information Processing Standard (FIPS), EU Data Protection, and National Institute of Standards and Technology (NIST) guidance.
- Oversee compliance with Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident Reporting.
- Ensure compliance with government contract and security related contractual obligations and lead efforts to assess and enforce compliance with applicable security standards such as PCI DSS, ISO 27001, SSAE16 SOC, NIST SP 800-171.
- Develop and implement a monitoring program to ensure continued compliance with applicable laws, regulations and industry directives.

Information Technology Office Support:
- Ensure security procedures and standards are not only compliant, but designed to enable the business to operate effectively.
- Assess and approve the design of the security components for all software and hardware solutions implemented across the enterprise.
- Develop, plan, build and execute the IT security strategy. Responsible for budget execution of the company’s cybersecurity programs in coordination with the CIO’s overall financial plan.
- Ensure that disaster recovery and business continuity plans are in place and routinely tested.
- Manage all teams, employees and third party relationships involved in IT security.
- Hire, train and mentor cybersecurity team members.
- Assist with discovery and digital forensic investigations, security violations and cyber incidents.
- Review investigations after breaches or incidents, including impact analysis, and prepare recommendations for avoiding future incidents.
- Communicate cybersecurity best practices and risks across the enterprise.
- Oversee all cybersecurity initiatives, and manage the operational processes for monitoring and maintaining information security.
- Drive security awareness, education and conduct training to foster a security-aware culture in a large corporate environment.
- Lead the Cyber Security Vulnerability Management Program.


- Structured, logical thinker with strong problem-solving skills and excellent communication skills.
- A proven ability to set, meet and enforce deadlines to enable business success.
- Deep knowledge of technological trends and developments in information security, risk management and cybersecurity compliance.
- Detailed knowledge and understanding of security, risk and compliance regulations and frameworks, such as NIST RMF, ISO 27001, PCI-DSS, PII, PHI, HIPAA, HITECH, SANS CISC, GDPR, CSA, COBIT, COSO, ITIL and SOX.
- Experience in writing, executing and monitoring Policy, Governance and Systems Security Plans is required.
- Experience in Federal contracting is required.
- Prior Defense Industrial Base participation is a plus.
- Prior experience in presenting to the Board of Directors, Executive Leadership and the workforce on Cyber Risk and Response management and cyber forensic investigations is preferred.
- Demonstrated performance in key technology leadership/management positions on an enterprise level is required. Proven skills and experience in business case development, financial acumen, program management, team building, collaboration, communications, data analysis and data management, root cause analysis and workflow analysis skills are essential to success in this role.

Education and Certification Requirements:

A bachelor’s degree or equivalent experience in Computer Science or other technical field is required. Advanced degrees preferred.

CISSP certification is preferred or required upon hire. Additional Information Security certifications such as Security+, C/CISO, CISM, CISA, CIRSC, CEH are preferred.

A minimum of 10 years in IT leadership and IT Operations is required.

TS/SCI clearance, or ability to obtain one upon hire, is required.

SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC has approximately 15,000 employees who are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com.

EOE AA M/F/Vet/Disability

Job Posting: Jan 16, 2018, 5:00:00 AM
Primary Location: United States-VA-RESTON
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: Top Secret/SCI
Potential for Teleworking: No
Travel: Yes, 10% of the time
Shift: Day Job
Schedule: Full-time

Nearest Major Market: Washington DC

Job Segment: Executive, Corporate Security, Information Security, Engineer, Management, Security, Technology, Engineering
