Cybersecurity Compliance & Governance Intern

Description

Leidos is ready for summer Cybersecurity Compliance & Governance interns! This opportunity to work in our Reston, VA office or remotely is a great way to learn while using your experience and insight to help our corporate information security team keep the enterprise secure. You’ll work closely with Governance, Risk Management, and Compliance staff to advance our ability to track and monitor regulatory changes and maintain compliance with internal and external regulations, policies, and laws.

Primary Responsibilities

• Rotate through team functions to gain experience with various Compliance and Governance services.
• Support the team in maintaining and improving policies, standards, guidelines, and procedures.
• Develop and deliver cyber compliance educational and awareness materials.
• Audit and assess compliance and governance of information security processes for specific business units, functions or services.
• Define and improve cyber governance metrics for periodic release.
• Monitor emergent changes in regulatory and security compliance and determine the impact of those changes on Information Technology functional processes.
• Facilitate the remediation of Information Technology control deficiencies, including communication with essential levels of leadership and validation of remediation activities.

Basic Qualifications

• Must be enrolled in a bachelor’s or master’s degree in a related field.
• US Citizenship is required.
• Strong interpersonal and written communication skills for collaboration on resolution of compliance issues; ability to foster cooperation with representatives of various organizational entities.
• Ability to research, compile results, and make recommendations to solve problems.
• Familiarity or preparedness to learn about evaluating compliance of information security solutions to policies and procedures.
• Familiarity or preparedness to learn how to assess whether security safeguards employed by organizations are implemented correctly, are operating as intended, and satisfy the security requirements.
• Familiarity or preparedness to learn about security governance principles, compliance, legal and regulatory issues, and regulatory acts.
• Familiarity or preparedness to learn about system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plans of Action and Milestones (POA&M), and training requirements consistent with cyber frameworks including NIST.

Preferred Qualifications

• Familiarity with cyber standards such as DFARS 252.204-7012, Cybersecurity Maturity Model Certification (CMMC), or NIST Special Publication 800-171r2.
• Familiarity with cybersecurity frameworks such as CIS Controls, Secure Controls Framework (SCF), NIST Cybersecurity Framework (CSF), or NIST AI Risk Management Framework (AI RMF).
• Familiarity with cybersecurity laws and regulations in the US and internationally impacting data protection and the confidentiality, integrity and availability of systems and data, such as FAR and DFARS requirements, ISO 27001, Cyber Essentials, and General Data Protection Regulation(GDPR).

Key skills/competency

• Cybersecurity Compliance
• Governance
• Risk Management
• Information Security Policy
• NIST Frameworks
• CMMC
• GDPR
• Auditing
• Regulatory Monitoring
• Security Controls