Information Privacy and Security, Senior Advisor - Governance, Risk, & Compliance

Peraton is seeking a Senior Information Privacy and Security, Senior Advisor in support of our IT Operations Cyber Risk and Compliance team. A top candidate will be well-versed in regulations and common contractual requirements affecting the Federal contracting community and Defense Industrial Base. This includes in-depth, current knowledge of the DIB Cyber Assessment Center requirements, Cybersecurity Maturity Model Certification, cyber executive orders, and relevant federal acquisition regulations. Candidates should be able to demonstrate significant prior industry engagement on such requirements with companies of similar size and scope.

Responsibilities:

Maintain GRC processes in coordination with security and IT operations. Works with business and functional areas to align external expectations and inform internal decisions.
• Provide information security governance, risk, and compliance (GRC) support for multiple businesses and programs in Peraton's broad portfolio of businesses in defense, cyber, civilian, and space/intel.
• Maintenance and reporting of key information security metrics and reports for both operational management and corporate executives.
• Responsible for supporting Peraton programs with understanding contractual cybersecurity requirements (e.g., DFARS/NIST 800-171, IRS 4812, CMS IS2P2, etc.)
• Collaborate with internal Peraton teams in a cross-functional capacity to update and monitor corporate policies for ongoing compliance
• Responsible for GRC tool development and maintenance
• Maintain GRC project portfolio, including project charters, milestones, scheduling, tracking, and reporting; supporting OCISO Project Management Office for critical path and resource awareness.

Required Qualifications:

• BS (12+ yrs) or MS (10+ yrs) in System Engineering, Computer Science, Information Systems, or related discipline. Equivalent experience may be considered in lieu of degree.
• Proven experience working and assessing security controls within DoD and Federal enterprise environments.
• Experience creating and maintaining NIST SP 800-171, NIST SP 800-53, and ISO/IEC 27001 frameworks and documentation (SSP, POA&M, CP, CM Plan, and others)
• Strong understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management.
• Strong understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.)
• Experience with GRC automation software such as ServiceNow Information and Risk Management (IRM), Archer, CSAM, Xacta or other compliance and workflow tools.
• US Citizenship

Desired Qualifications:

• CISSP, CISA, CRISC or information security professional certification applicable to cybersecurity and risk management.
• Ability to analyze complex cybersecurity compliance problems, identify root cause and recommend/negotiate reasonable solutions.
• Ability to work independently and collaboratively with cross-functional teams

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.