CACI bv · 4 weeks ago
Senior Manager Governance, Risk, and Compliance
CACI is seeking a Senior Manager of Governance, Risk, and Compliance, who will play a crucial role in ensuring adherence to regulatory requirements and maintaining a strong control environment. This position involves managing a team and driving compliance initiatives while promoting a culture of continuous improvement and risk management.
Consulting, Education, Training
Responsibilities
Coordinate, facilitate, and supervise compliance and assurance processes, including ISO 27001 internal and external assessments, internal and external IT SOX audits, and third-party compliance assessments for IT-relevant services (including NIST SP800-171 and CMMC)
Oversee corporate and program-specific system security plan (SSP) reviews and associated NIST SP800-171a assessments
Manage the review and assessment of Outside Service Provider SOC 1 and SOC 2 reports to ensure compliance with contractual obligations and industry standards
Conduct formal reviews of SOC reports, identifying any gaps or areas for improvement and working with service providers to address these issues
Be responsible for responding to cyber attestation solicitations from contracts, ensuring that all required documentation and evidence are provided in a timely and accurate manner
Collaborate with internal teams and external partners to gather necessary information and evidence to support cyber attestations
Monitor remediation and corrective action plans at the Corporate and program enclave level to ensure timely and effective resolution of compliance issues
Communicate and collaborate with IT teams to improve security compliance, manage risk, and enhance the effectiveness of the systems control environment
Build and maintain strong relationships with Internal Audit, Cyber Security, and Risk Management teams at all levels in the organization
Remain current on IT regulatory requirements (SOX, SEC) and gain exposure to cybersecurity practices (NIST 800.X) and industry regulations (DFARS, CMMC)
Maintain high standards for internal communication through email, company portals, and management of knowledge base and policy documentation
Qualification
Required
Bachelor's degree in Auditing, Management Information Systems, Information Assurance, Cybersecurity, or related area
5+ years of progressive experience in Information Technology Auditing, Consulting, or a related field, with at least 2 years in a managerial role
Experience with CMMC, DFARS 252.204-7012, 7019, 7020, and 7021, ISO 27001, NIST SP800-171a, and/or Sarbanes-Oxley (SOX)
Proven experience leveraging auditing principles and methods to evaluate policies, processes, and systems to identify risks and control gaps
Experience documenting, understanding, and evaluating IT governance and risk management concepts and IT general controls and practices, such as IT infrastructure, cybersecurity, change management, and application control processes
Experience creating and maintaining policies and procedures
Clear articulation and exceptional written and verbal communication skills
Preferred
CISSP, CIA, CISA, CRISC, or other relevant certifications
Security Clearance
Experience in a regulated industry such as Government Contracting
Benefits
Healthcare
Wellness
Financial
Retirement
Family support
Continuing education
Time off benefits
Company
CACI bv
CACI delivers, implements, and manages business-critical solutions for higher education: the student information system OSIRIS, and LISA for case-based working.
Funding
Current Stage
Growth Stage