Cybersecurity Analyst Senior Principal

About the Role: Cybersecurity Analyst Senior Principal at BAE Systems USA

As a Cybersecurity Analyst Senior Principal, you will play a critical role in driving internal cybersecurity reviews to support corporate-wide compliance initiatives within our Compliant Operations team. This position offers the opportunity to provide critical expertise in cybersecurity standards, cloud security, and risk mitigation, ensuring sustainable compliance across the organization. You will evaluate and validate compliant solutions, assess and mitigate risks, and drive improvements in control management to protect our systems and data. Joining our team means embarking on a rewarding job that challenges you to make a tangible impact on our cybersecurity posture.

Position Responsibilities Include, But Not Limited To

• Lead internal cybersecurity IT design and artifact reviews to support corporate-wide Cyber Security compliance initiatives.
• Evaluate proposed solutions for IT deficiencies, verify, and validate final solution artifacts included in Sector information system/environment Plan of Action and Milestones (POAMs) and Return-to-Green (RTGs).
• Conduct reviews, evaluations, and provide input on proposed solutions and final artifacts to ensure adherence to key control domains based on BAE Systems Cyber Security Standards, policies, and directives at an enterprise level.
• Evaluate Exception requests to Policy/Standard IT Security (e.g., Blocked Sites, DVD, USB).
• Evaluate Internet-exposed Services/Certification & Accreditation (C&A) and Cloud Service Providers (CSP) requests.
• Help define common workflows, automations, templates, inheritable cyber services, and execution of value streams that enable sustainable compliance across the enterprise.
• Assess the design and operational effectiveness of IT controls and identify exposure to risk.
• Facilitate compliance reviews to increase awareness and knowledge of compliance requirements and identify opportunities to streamline or improve the control environment without increasing overall risk.
• Communicate complex technical issues in simplified terms to relevant teams and stakeholders.
• Provide guidance to remediate identified security and control risks.
• Stay up to date with the latest industry trends in cybersecurity and apply them to the enterprise as applicable.

Required Education, Experience, & Skills

• Bachelor's Degree and 8 years work experience.
• At least 8 years of experience in information technology auditing, combined audit/IT audit, or relevant information security or information technology roles, with a focus on cyber security standards, architecture requirements, and cybersecurity standards.
• Well-rounded IT audit experience with a strong understanding of information security frameworks and IT audit methodologies.
• Exception handling skills to manage and resolve complex IT and cybersecurity issues.
• Ability to synthesize complex information into actionable insights.
• Strong attention to detail with an analytical mind on IT processes and outstanding problem-solving skills.
• Expertise in cybersecurity standards, cloud security, and risk mitigation.
• Experience with continuous process improvement, innovative governance, risk and compliance solutions.
• Solid understanding of information security frameworks and IT audit methodologies.
• Proficient with a broad knowledge of IT operations and technologies such as Network Infrastructure technologies (WAN/MAN/LAN), Cybersecurity, Active Directory, Backup & Recovery, Data Center, Operating Systems, Virtualization Services, SDLC and Change Management.
• IT application experience (SAP, Oracle, PeopleSoft and Costpoint).
• 5 years of audit project management experience.
• Data Analysis experience, with the ability to apply analytical skills to drive insights and recommendations.
• Understanding of industry standards including ISO27001, ISO 20K, NIST 800-53, 800-171.

Preferred Education, Experience, & Skills

• Certified Information Systems Auditor (CISA).
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Certificate of Cloud Security Knowledge (CCSK).
• Experience with cloud security platforms, such as AWS.
• Experience with cybersecurity threat intelligence and incident response.

Pay Information

The Full-Time Salary Range for this position is $108,787 - $184,937. Individual salaries are determined by various factors including business considerations, local market conditions, internal equity, and candidate qualifications such as skills, education, and experience.

BAE Systems offers comprehensive employee benefits to regular employees working 20 hours per week or more. These include health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. Additionally, employees have access to an employee assistance program, a legal plan, and perks like discounts on home, auto, and pet insurance. Leave programs encompass paid time off, paid holidays, paid parental leave, military leave, bereavement leave, and applicable federal and state sick leave. Employees may also participate in the company recognition program for monetary or non-monetary awards, with other incentives potentially available based on position level and job specifics.

Key skills/competency

• Cybersecurity Standards
• Risk Mitigation
• Cloud Security
• IT Audit
• Compliance Initiatives
• Information Security Frameworks
• Network Infrastructure
• Data Analysis
• Incident Response
• Control Management