Job Description
Program Overview
Nationwide program dedicated to maintaining IT infrastructure operations across TSA. The contract supports all US airports and 30+ international US Embassy/Consulate sites across 30 different countries where TSA is present.
About The Role
Peraton is seeking an IT Risk Specialist to join our team of qualified, diverse individuals and work on risk identification, assessment, and mitigation strategies in a dynamic IT environment. The ideal candidate will support the Department of Homeland Security (DHS). The ideal candidate will have a strong background in IT governance, cybersecurity, compliance, and enterprise risk management, ensuring that IT operations align with business objectives while minimizing risks.
Day to Day Responsibilities:
- Risk Assessment & Mitigation: Identify, evaluate, and mitigate IT and cybersecurity risks across infrastructure, applications, and business processes.
- Governance & Compliance: Ensure adherence to industry standards and regulatory frameworks (e.g., NIST, ISO 27001, COBIT, SOC 2, GDPR, HIPAA).
- Security & Threat Management: Collaborate with cybersecurity teams to assess vulnerabilities, manage incident response plans, and enhance threat detection mechanisms.
- Policy & Framework Development: Design and implement IT risk management policies, controls, and frameworks to safeguard digital assets.
- Business Continuity & Disaster Recovery: Oversee IT risk-related aspects of BCP/DR planning and testing.
- Vendor & Third-Party Risk Management: Assess and monitor risks associated with third-party vendors, cloud services, and IT outsourcing partners.
- IT Audit & Compliance Reviews: Support internal and external audits, ensuring IT systems and processes meet compliance requirements.
- Incident & Root Cause Analysis: Lead post-incident reviews, analyze root causes, and implement corrective actions to prevent future occurrences.
- Stakeholder Communication: Work closely with IT leadership, security teams, and business units to ensure risk transparency and alignment with corporate objectives.
- Training & Awareness: Conduct risk awareness training and promote a strong IT risk management culture.
#TSAIMPACT
Qualifications
Basic Qualifications:
- Bachelor's degree and 0 years of experience or a High School diploma and 4 years of experience.
- Must be a U.S. Citizen with the ability to obtain a public trust clearance.
- Experience in IT risk management, cybersecurity, or IT governance.
- Strong understanding of IT infrastructure, cloud computing (AWS, Azure), and cybersecurity principles.
- Hands-on experience with risk assessment methodologies (ISO 31000, FAIR, OCTAVE, etc.).
- Knowledge of regulatory compliance frameworks (e.g., NIST 800-53, ISO 27001, PCI DSS, GDPR, HIPAA, SOX).
- Familiarity with security tools and technologies (SIEM, IDS/IPS, vulnerability scanners, firewalls, endpoint protection).
- Experience with GRC (Governance, Risk, and Compliance) tools such as Archer, ServiceNow GRC, or MetricStream.
- Strong analytical, problem-solving, and decision-making skills.
- Excellent communication and stakeholder management abilities.
Preferred Certifications:
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- ITIL Foundation certification (preferred), must obtain within 30 days of job acceptance
SCA / Union / Intern Rate or Range
Details
Target Salary Range: $51,000 – $82,000. This represents the typical salary range for this position based on experience and other factors.
EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.