General Dynamics Information Technology

Senior Principal, IT Risk and Compliance Specialist

full-time

Origin:  • 🇺🇸 United States • District of Columbia, Louisiana

Salary

💰 $131,750 - $178,250 per year

Job Level

Senior

Tech Stack

Cloud, Cyber Security, Firewalls, ServiceNow, Splunk

About the role

  • Manage the security posture and authorization lifecycle for multiple cloud and on-premises information systems
  • Conduct continuous monitoring activities, including vulnerability scan analysis, audit log reviews, and security control assessments
  • Develop, maintain, and update security documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and Risk Assessment Reports (RARs)
  • Periodically assess risk to organizational operations and assets in accordance with organizational risk management policies
  • Monitor emerging security threats and technology advancements and recommend process and tool improvements
  • Ensure system compliance with NIST special publications, FedRAMP requirements, DISA STIGs, and CIS Benchmarks
  • Assess and mitigate system vulnerabilities and track remedial actions to closure
  • Support incident response, contingency planning, and disaster recovery efforts; lead incident response for breaches
  • Serve as the primary security advisor to system owners, developers, and administrators
  • Interface with auditors and assessors during security control assessments and authorization events
  • Provide security-focused input for new business proposals and solutions; support business development activities
  • Act as a subject matter expert and lead development and execution of IT risk management and compliance strategies
  • Facilitate RMF steps with data owners, system owners, authorizing officials, and technical teams
  • Maintain and update security documentation (SSPs, Security Controls Workbook, Architecture Diagrams, Risk Assessments, POA&Ms, and other required documents)
  • Monitor and analyze information systems for security incidents and conduct regular security assessments and audits
  • Collaborate with IT, legal, and business teams to address IT risk and compliance issues
  • Train and mentor staff on IT risk management and compliance best practices
  • Provide guidance and recommendations to senior management on IT risk and compliance matters

Requirements

  • 8+ years of experience in IT risk management, IT compliance, or information security
  • Technical training, certificate, or degree in information/cyber security or a related field
  • At least one certification: CISSP, CISM, and/or CISA
  • Experience in a leadership role (e.g., ISSO, ISSE, ISSM)
  • Skills: Information Security; Information Technology (IT) Risk; Information Technology (IT) Risk Management
  • Experience managing security projects and delivering/supporting customer security requirements
  • Comprehension of change and configuration management and security impact analysis
  • Excellent problem-solving, analytical, and communication skills
  • Ability to effectively collaborate across multi-functional teams
  • Demonstrated experience performing complex technical tasks with minimal direction
  • Experience communicating and presenting technical solutions and status to executives and key stakeholders
  • Experience with security tools and technologies (Firewalls, VPNs, SIEM, End Point Protection, Vulnerability & Compliance Scanning, Identity & Access Management)
  • Strong understanding of security boundary protection strategies, Intrusion Detection/Prevention, compensating controls, and firewall rules
  • Knowledge of IT risk management frameworks and regulatory requirements (NIST, ISO 27001, COBIT, FISMA)
  • Knowledge of security and privacy controls (CIS Level 2, DISA STIG)
  • Knowledge of security authorization processes (FedRAMP, DoD) and security audits
  • Experience with tools (preferred): Splunk, CrowdStrike, Qualys, Tenable, eMASS, Archer, Microsoft Office, Adobe Pro, Visio, JIRA, ServiceNow
  • US Citizenship not required; Clearance level: None required; Ability to obtain Top Secret clearance preferred