As a Cyber Analyst Senior Principal, you will play a critical role in driving internal cyber security reviews to support corporate-wide compliance initiatives. This opportunity is part of our Compliant Operations team.

In this role, youll provide critical expertise in cybersecurity standards, cloud security, and risk mitigation, ensuring sustainable compliance across the organization. Your day-to-day will involve evaluating and validating compliant solutions, assessing and mitigating risks, and driving improvements in control management to protect our systems and data. By joining our team, youll embark on a rewarding job that challenges you to make a tangible impact on our cyber security posture.

Position Responsibilities include, but not limited to:

• Lead internal cybersecurity IT design and artifact reviews to support corporate-wide Cyber Security compliance initiatives.
• Evaluate proposed solutions for IT deficiencies, verify, and validate final solution artifacts included in Sector information system/environment Plan of Action and Milestones (POAMs) and Return-to-Green (RTGs).
• Conduct reviews, evaluations, and provide input on proposed solutions and final artifacts to ensure adherence to key control domains based on BAE Systems Cyber Security Standards, policies, and directives at an enterprise level.
• Evaluate Exception requests to Policy/Standard IT Security (e.g., Blocked Sites, DVD, USB)
• Evaluate Internet-exposed Services/Certification & Accreditation (C&A) and Cloud Service Providers (CSP) requests
• Help define common workflows, automations, templates, inheritable cyber services, and execution of value streams that enable sustainable compliance across the enterprise.
• Assess the design and operational effectiveness of IT controls and identify exposure to risk.
• Facilitate compliance reviews to increase awareness and knowledge of compliance requirements and identify opportunities to streamline or improve the control environment without increasing overall risk.
• Communicate complex technical issues in simplified terms to relevant teams and stakeholders.
• Provide guidance to remediate identified security and control risks.
• Stay up to date with the latest industry trends in cybersecurity and apply them to the enterprise as applicable.

• Bachelor's Degree and 8 years work experience
• At least 8 years of experience in information technology auditing, combined audit/IT audit, or relevant information security or information technology roles, with a focus on cyber security standards, architecture requirements, and cybersecurity standards.
• Well-rounded IT audit experience with a strong understanding of information security frameworks and IT audit methodologies.
• Exception handling skills to manage and resolve complex IT and cybersecurity issues.
• Ability to synthesize complex information into actionable insights.
• Strong attention to detail with an analytical mind on IT processes and outstanding problem-solving skills.
• Expertise in cybersecurity standards, cloud security, and risk mitigation.
• Experience with continuous process improvement, innovative governance, risk and compliance solutions.
• Solid understanding of information security frameworks and IT audit methodologies.
• Proficient with a broad knowledge of IT operations and technologies such as Network Infrastructure technologies (WAN/MAN/LAN), Cybersecurity, Active Directory, Backup & Recovery, Data Center, Operating Systems, Virtualization Services, SDLC and Change Management.
• IT application experience (SAP, Oracle, PeopleSoft and Costpoint).
• 5 years of audit project management experience.
• Data Analysis experience, with the ability to apply analytical skills to drive insights and recommendations
• Understanding of industry standards including ISO27001, ISO 20K, NIST 800-53, 800-171

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certificate of Cloud Security Knowledge (CCSK)
• Experience with cloud security platforms, such as AWS.
• Experience with cybersecurity threat intelligence and incident response