Information Systems Security Auditor (SME) in Merrifield at General Dynamics Information Technology

Date Posted: 7/16/2018

Job Description

General Dynamics Information Technology (GDIT) has an opportunity for an Information Systems Security Auditor to join the security team of a major nationwide organization, with thousands of sites, to continually improve its complex multi-protocol nationwide network.  The ideal candidate for this job will be an experienced information security practitioner who is goal-oriented and strives to exceed expectations.

The successful Information Systems Security Auditor candidate will be an experienced CERT-RMM Information System Security Auditor with real, hands-on process model experience with RMM, CMMI, ITIL, ISO 9001, ISO/IEC 20000-1 or ISO/IEC 27001.  The Information System Security Auditor will manage the evidence submission process and the storage of submitted work products, and will serve as the CISO's Cybersecurity SME on the CERT-RMM Appraisal process.

Responsibilities include, but are not limited to:

  • Reviewing and validating correctness, relevancy, and completeness of work products (a.k.a. objective evidence) generated by various CISO teams demonstrating that they have instantiated one or more of the 540 CERT-RMM practices. Categorizing instantiation of each of the RMM practices on a FI/LI/PI/NI scale (NI=not implemented, PI=partially implemented, LI=largely implemented, FI=fully implemented)
  • Reviewing and validating correctness, relevancy, and completeness of work products (a.k.a. objective evidence) generated by various CISO teams demonstrating that they have addressed (implemented) one or more of the 600+ improvement recommendations (a.k.a. RAW recommendations). Categorizing each recommendation either as completed or not
  • Updating the value of the CISO’s Cybersecurity Program Progress Metric (CPPM) on a weekly basis

We can only accept US citizens and/or Green Card holders.

Job Requirements


  • Over 8 years' experience working as an Information Systems Auditor for an information technology, information assurance, or information management program
  • Hands-on and oversight experience providing process model support with any of the following: RMM, CMMI, ITIL, ISO 9001, ISO/IEC 20000-1 or ISO/IEC 27001; preferably CMMI if no CERT-RMM process improvement experience
  • CERT-RMM and/or CMMI appraisal experience
  • Certified as either an SEI-Certified CERT-RMM Lead Appraiser or a Certified SCAMPI Lead Appraiser (CMMI for Services)
  • Complete Software Engineering Institute’s (SEI) Introduction to the CERT Resilience Management Model Training course (3 days)
  • Considered a Cybersecurity subject matter expert (SME)
  • Possess the highest level of integrity with superior customer service skills
  • Demonstrable experience across a broad spectrum of cybersecurity tools
  • Must be able to obtain a Public Trust clearance (requires the selected candidate to have resided in the US for the past five years and not have left the country for longer than 90 consecutive days)

Desired Certifications (one or more of the following):  Systems Security Certified Practitioner (SSCP), CompTIA Security+, GSNA – GIAC Systems & Network Auditor, CISA – Certified Information Systems Auditor

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.