Job Title: Cyber GRC Analyst Principal
Posted by: SAIC on Jul 09, 2025
Location:
Newport , RIJob Description:
Description
SAIC is seeking an A&A Package Validator (Cyber GRC Analyst Principal) to support cybersecurity compliance efforts alongside our government customer at the Naval Undersea Warfare Center (NUWC) in Newport, RI.
JOB DESCRIPTION:
The A&A Validator will work directly with and on behalf of the command ISSM and is required to liaise with the Activity CIO and staff for NUWC Division Newport, NUWC HQ and NAVSEA, NAVSEA Warfare Center Lead Validators, Code 104 IT Departmental personnel, Departmental A&A representatives and ISSOs, and command physical and information security personnel to maintain the A&A process.
JOB DUTIES:
Coordinates initial package preparation, assigns team members to the package, and establishes the schedule and POA&M for execution to full ATO authorization. Coordinates with the System and Network Program Managers and System Administrators to ensure all required artifacts are submitted to the team, and ensures a thorough independent review is conducted on such artifacts in accordance with DON and DoD guidelines. Ensures Control Assessments are conducted for each package. Ensures vulnerability assessments, scans and security checklists are completed for each system, and evaluated by the assigned Information System Security Engineer (ISSE). Utilizes experience and validator skills to ensure cyber control and vulnerability assessments are tested and evaluated for each system. Ensures all required documentation, including artifacts and vulnerability assessments are complete prior to authorizing submission of a Security Authorization Package to the appropriate Authorizing Official (AO). Participates in collaboration and RMF Checkpoint meetings with the Echelon II Representative, US Navy Security Control Assessor (SCA)/Certification Authority (CA), and the AO representative. Prepares (as the Validator) the Security Assessment Plan for the US Navy SCA/CA to approve and forward to the AO. Maintains all post-authorization requirements after receipt of the authorization decision or Authority to Operate (ATO). Coordinates and conducts an independent audit program to ensure system Program Managers and Owners (PMs and ISOs) are adhering to ATO conditions, maintaining an active and documented Change Management Process. Serves as the recognized authority for the command's RMF process implementation and security control assessment, and represents the activity and the command while interacting with external authorities and cross-Warfare Center committees and working groups. Responsible for ensuring accurate and timely system security information is entered and updated in the Department of Defense Information Technology Portfolio Repository - Department of the Navy (DoD) (DITPR-DON) system for command systems including Defense Business Systems and National Security Systems as determined by higher US naval authority. Qualifications
REQUIRED EXPERIENCE AND CLEARANCE:
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field and nine (9) years of experience in IT functions such as network administration, engineering, or cybersecurity. A Master's degree may be substituted for up to two (2) years of experience (7 years with a Master's), and a PhD may be substituted for up to five (5) years of experience (4 years with a PhD). Ability to work independently and in a team environment. Ability to travel as required. Proficient in managing end-to-end Risk Management Framework (RMF) activities, including coordination of Security Authorization Packages and ATO execution planning. Demonstrated ability to conduct and validate control assessments in accordance with DoD and DON guidelines, ensuring systems meet security requirements. Experienced in overseeing vulnerability scans, checklist completion, and risk analysis to support comprehensive system evaluations. Adept at reviewing and compiling security artifacts and documentation to ensure completeness and compliance prior to submission for ATO decision. Demonstrated ability to uphold organizational values and adhere to Department of the Navy (DON) ethical standards in a high-visibility role. Strong written and verbal communication skills, with the ability to engage clearly and professionally with diverse stakeholders in sensitive or high-profile environments. Candidate must be a US Citizen. Candidate must currently possess an active Secret clearance with the ability to obtain a Top Secret. This position is an IT-I Critical Sensitive Position. DESIRED EXPERIENCE:
RMF Background. Security +. CISSP/CISM.
SAIC is seeking an A&A Package Validator (Cyber GRC Analyst Principal) to support cybersecurity compliance efforts alongside our government customer at the Naval Undersea Warfare Center (NUWC) in Newport, RI.
JOB DESCRIPTION:
The A&A Validator will work directly with and on behalf of the command ISSM and is required to liaise with the Activity CIO and staff for NUWC Division Newport, NUWC HQ and NAVSEA, NAVSEA Warfare Center Lead Validators, Code 104 IT Departmental personnel, Departmental A&A representatives and ISSOs, and command physical and information security personnel to maintain the A&A process.
JOB DUTIES:
Coordinates initial package preparation, assigns team members to the package, and establishes the schedule and POA&M for execution to full ATO authorization. Coordinates with the System and Network Program Managers and System Administrators to ensure all required artifacts are submitted to the team, and ensures a thorough independent review is conducted on such artifacts in accordance with DON and DoD guidelines. Ensures Control Assessments are conducted for each package. Ensures vulnerability assessments, scans and security checklists are completed for each system, and evaluated by the assigned Information System Security Engineer (ISSE). Utilizes experience and validator skills to ensure cyber control and vulnerability assessments are tested and evaluated for each system. Ensures all required documentation, including artifacts and vulnerability assessments are complete prior to authorizing submission of a Security Authorization Package to the appropriate Authorizing Official (AO). Participates in collaboration and RMF Checkpoint meetings with the Echelon II Representative, US Navy Security Control Assessor (SCA)/Certification Authority (CA), and the AO representative. Prepares (as the Validator) the Security Assessment Plan for the US Navy SCA/CA to approve and forward to the AO. Maintains all post-authorization requirements after receipt of the authorization decision or Authority to Operate (ATO). Coordinates and conducts an independent audit program to ensure system Program Managers and Owners (PMs and ISOs) are adhering to ATO conditions, maintaining an active and documented Change Management Process. Serves as the recognized authority for the command's RMF process implementation and security control assessment, and represents the activity and the command while interacting with external authorities and cross-Warfare Center committees and working groups. Responsible for ensuring accurate and timely system security information is entered and updated in the Department of Defense Information Technology Portfolio Repository - Department of the Navy (DoD) (DITPR-DON) system for command systems including Defense Business Systems and National Security Systems as determined by higher US naval authority. Qualifications
REQUIRED EXPERIENCE AND CLEARANCE:
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field and nine (9) years of experience in IT functions such as network administration, engineering, or cybersecurity. A Master's degree may be substituted for up to two (2) years of experience (7 years with a Master's), and a PhD may be substituted for up to five (5) years of experience (4 years with a PhD). Ability to work independently and in a team environment. Ability to travel as required. Proficient in managing end-to-end Risk Management Framework (RMF) activities, including coordination of Security Authorization Packages and ATO execution planning. Demonstrated ability to conduct and validate control assessments in accordance with DoD and DON guidelines, ensuring systems meet security requirements. Experienced in overseeing vulnerability scans, checklist completion, and risk analysis to support comprehensive system evaluations. Adept at reviewing and compiling security artifacts and documentation to ensure completeness and compliance prior to submission for ATO decision. Demonstrated ability to uphold organizational values and adhere to Department of the Navy (DON) ethical standards in a high-visibility role. Strong written and verbal communication skills, with the ability to engage clearly and professionally with diverse stakeholders in sensitive or high-profile environments. Candidate must be a US Citizen. Candidate must currently possess an active Secret clearance with the ability to obtain a Top Secret. This position is an IT-I Critical Sensitive Position. DESIRED EXPERIENCE:
RMF Background. Security +. CISSP/CISM.
Pay Rate:
Unspecified
HR. Website URL:
http://saiccareers.ttcportals.com/search/jobs?q=&location=
Sign Up to Apply to this position
(if you already have a CGO account, just press the button below)
About SAIC
SAIC® is a premier Fortune 500® technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.
Please visit this employer's Public Profile to see more jobs offered by SAIC