Governance, Risk and Compliance Analyst

Company Description

Leidos is a Fortune 500® Technology, Engineering, and Science Solutions and Services leader. Leidos’ 47,000 global employees support vital missions for government and commercial customers. Headquartered in Reston, Va., Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023.

Leidos Australia has been a trusted partner to the Australian Government, including the Department of Defence, for more than 25 years, having delivered some of the most complex software and systems integration projects in Australia. With a local workforce of around 2,000, of which 85% hold a government security clearance, we have one of the largest security-cleared workforces in Australia. Our team is also backed by Leidos’ global expertise, experience and capabilities.

Job Description

We have an exciting and challenging opportunity available for an experienced GRC Manager to be part of a close-knit, cross-fields multidisciplinary team. Working in a fast-paced environment in a collaborative team with broad skillsets, you will be involved in a broad portfolio of programs primarily in Defence, ensuring the delivery of secure, compliant and accredited systems. The role will see delivery of projects across both on-premise and hyperscale cloud platforms, along with any associated Partner systems interconnection. 

• Engagement with key stakeholders including internal project management, Certification Authority representatives, security service providers, other internal IT security personnel and business owners to tailor the scope of responsibility and approach to delivering security controls, artefacts, risk identification and assessment, security testing for deployed security controls and responsibility for risk treatment recommendations
• Consideration of and alignment with project schedules such that the certification and accreditation effort supports the business requirement to operate the subject system(s)
• Identification, validation and or advocacy for security requirements (functional or non-functional) and dependencies associated with system delivery, transition into service or ongoing sustainment
• Development of an Accreditation Plan detailing the elements above with the necessary activities, artefacts and stakeholder contributions required to complete the certification and accreditation process for assigned projects.  This includes authoring of the System Security Plan (SSP), System Risk Management Plan (SRMP), IRP (Incident Response Plan), CMP (Continuous Monitoring Plan), BIL (Business Impact Level), and other accreditation documentation as appropriate.
• Ownership for the execution of the Accreditation Plan with reporting as required by the business, project, Certification Authority or other interested stakeholders
• Handover of all completed artefacts to operational groups for ongoing sustainment of the accredited system.

Qualifications

About You and What You’ll Bring

GRC personnel will have a minimum of five years’ experience in IT Security roles with at least two years’ experience providing GRC services in Australian Federal Government, preferably within the Defence framework. 

The following experience is required for GRC personnel:

• Current knowledge of and experience with the Australian Government Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) is necessary.  Experience working with the Defence Security Practices Framework (DSPF) is preferred
• An ability to advocate collaboratively for security and compliance requirements within the project, and advocate for the project’s approach with external stakeholders is necessary.  It is expected that GRC personnel will leverage all available resources to ensure their advice and advocacy in all cases is accurate and practical
• An ability to communicate sensitive matters in a respectful and professional manner, enabling decision makers to understand the security implications of their choices prior to delivering their decisions
• Once decisions are made, they must be recorded factually and if relevant, introduced risks documented for formal acceptance
• An ability to prioritise the importance of security and compliance matters in the context of the subject platform or system is required.  This may include the support of Security Engineers, Security Testers or other external stakeholders, however it is the responsibility of GRC personnel to communicate the priority of security elements through the certification and accreditation process.
• An ability to provide structural guidance to help mature projects planning, documentation and delivery elements but maintain flexibility to support the delivery approach prescribed by the business.

Certifications:

• Any GRC related certification is advantageous with security-related certificates preferred. There is no requirement for iRAP certification.

This role requires the successful applicant to be an Australian Citizen and hold a minimum NV-1 level Australian security clearance. 

Additional Information

At Leidos, you’ll enjoy 12 weeks’ paid parental leave as a primary carer, flexible work practices, discounted health insurance, novated leasing and more. Foster your career through complete access to learning and development and mentoring opportunities, we have a strong track record of internal promotion and career transitions. 

As a business we are focusing on setting people up for growth and success, so individuals can develop specialist skills and make significant contributions whilst broadening their experience within the cyber security field.  If this sounds like you and you have the right attitude coupled with the willingness to challenge yourself and want to be in a team delivering security capability for government – apply today.

We embrace diversity and are committed to creating a truly inclusive workplace. We welcome and encourage applications from Aboriginal and Torres Strait Islander peoples, culturally and linguistically diverse people, people with disabilities, veterans, neurodiverse people, and people of all genders, sexualities, and age groups.