Senior Manager Governance, Risk, and Compliance

Senior Manager Governance, Risk, and Compliance

Job Category: Information Technology

Time Type: Full time

Minimum Clearance Required to Start: None

Employee Type: Regular

Percentage of Travel Required: Up to 10%

Type of Travel: Continental US

* * *

The Opportunity:
CACI Enterprise Services is seeking a Senior Manager of Governance, Risk, and Compliance.  This role is pivotal in ensuring that our organization adheres to stringent regulatory requirements and maintains a robust control environment. You will manage a team of 5 Information Assurance and Compliance Analysts and one Team Lead, driving compliance initiatives while fostering a culture of continuous improvement and risk management.


Responsibilities:

Compliance Management:

•   Coordinate, facilitate, and supervise compliance and assurance processes, including ISO 27001 internal and external assessments, internal and external IT SOX audits, and third-party compliance assessments for IT-relevant services (including NIST SP800-171 and CMMC).
• Oversee corporate and program-specific system security plan (SSP) reviews and associated NIST SP800-171a assessments
• Manage the review and assessment of Outside Service Provider SOC 1 and SOC 2 reports to ensure compliance with contractual obligations and industry standards.
• Conduct formal reviews of SOC reports, identifying any gaps or areas for improvement and working with service providers to address these issues.
• Be responsible for responding to cyber attestations solicitations from contracts, ensuring that all required documentation and evidence are provided in a timely and accurate manner.
• Collaborate with internal teams and external partners to gather necessary information and evidence to support cyber attestations

Remediation and Monitoring:

•  Monitor remediation and corrective action plans at the Corporate and program enclave level to ensure timely and effective resolution of compliance issues.

​
Collaboration and Communication:

•  Communicate and collaborate with IT teams to improve security compliance, manage risk, and enhance the effectiveness of the systems control environment.
• Build and maintain strong relationships with Internal Audit, Cyber Security, and Risk Management teams at all levels in the organization.
   

Regulatory and Industry Standards:

• Remain current on IT regulatory requirements (SOX, SEC) and gain exposure to cybersecurity practices (NIST 800.X) and industry regulations (DFARS, CMMC).

Documentation and Communication:

•  Maintain high standards for internal communication through email, company portals, and management of knowledge base and policy documentation.

Qualifications:

Required: 

• Bachelor’s degree in Auditing, Management Information Systems, Information Assurance, Cybersecurity, or related area.
• 5+ years of progressive experience in Information Technology Auditing, Consulting, or a related field, with at least 2 years in a managerial role.
• Experience with CMMC, DFARS 252.204-7012, 7019, 7020, and 7021, ISO 27001, NIST SP800-171a, and/or Sarbanes Oxley (SOX).
• Proven experience leveraging auditing principles and methods to evaluate policies, processes, and systems to identify risks and control gaps.
• Experience documenting, understanding, and evaluating IT governance and risk management concepts and IT general controls and practices, such as IT infrastructure, cybersecurity, change management, and application control processes.
• Experience creating and maintaining policies and procedures.
• Clear articulation and exceptional written and verbal communication skills.

Desired:

• CISSP, CIA, CISA, CRISC, or other relevant certifications.
• Security Clearance
• Experience in a regulated industry such as Government Contracting.

-

________________________________________________________________________________________

What You Can Expect:

 

A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

 

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy. 

 

Your potential is limitless. So is ours.

Learn more about CACI here.

________________________________________________________________________________________

Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here.

The proposed salary range for this position is:

$94,600 - $208,000