About The Position

The Information Security Cybersecurity Strategist is a core member of the EY Government and Public Sector (GPS) Information Security Team, contributing to the strategic direction and execution of the GPS information security program. The role focuses on strengthening the overall security posture of GPS by helping to protect organizational data, systems, and operations while supporting mission and business objectives in a highly regulated environment. The role supports enterprise risk management and compliance by aligning GPS information security practices with EY internal standards and frameworks, and by applying the NIST Risk Management Framework (SP 800‑37) along with security controls and maturity models from NIST SP 800‑53, NIST SP 800‑171, and the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). Responsibilities include security governance activities such as policy and standards documentation, compliance oversight, and security awareness across GPS personnel, systems, and programs.

Requirements

  • Experience working in information security and understanding of information security concepts
  • Knowledge of information security policies/principles of handling and protecting information
  • In-depth understanding of NIST security documentation (such as FIPS, NIST-171, and 800 Series publications) and the CMMC framework, and their application
  • In-depth understanding of DFARS-related security requirements and their application
  • General technical knowledge of operating systems, databases, networks, mobile technologies and cloud services
  • Strong English language skills are required – written and verbal
  • Good writing, presentation, interpersonal, and collaborative skills
  • Ability to collaborate with others to facilitate and enhance compliance with policies
  • Maintain awareness of the current security threat landscape
  • Experience with coordinating tasks, allocating resources, and following tasks and projects through completion
  • Experience with Microsoft Office (Word, Excel, PowerPoint, Visio, and Copilot)
  • Bachelor’s degree in information security/assurance, computer science, or a similar technical field.
  • 3+ years of experience in information security, with a preferred focus on US government security requirements and compliance
  • Experience developing and implementing security policies, standards, and procedures in alignment with government security requirements
  • Excellent communication skills, with the ability to effectively articulate complex security concepts to both technical and non-technical stakeholders

Nice To Haves

  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified CMMC Assessor (CCA) are highly desirable
  • Ability to obtain and maintain a Top-Secret Security Clearance

Responsibilities

  • Work with executive leadership to develop, maintain, and govern information security PSGs supporting the GPS Information Security Program
  • Translate recommendations from domain professionals, vendor and industry standards, guidelines and leading practices into high-quality, coherent information security PSGs
  • Harmonize GPS information security documentation with EY enterprise policies and standards, NIST security requirements, the DoD Cloud Computing Security Requirements Guide, and applicable regulatory obligations
  • Collaborate with Information Security, Information Technology, Data Protection, Legal, and other internal stakeholders to support consistent implementation of information security requirements
  • Identify and monitor appropriate information security training for all GPS personnel. While some training may be obtained, custom training will need to be developed.
  • Stay up to date with the latest best practices, industry trends, and government security regulations to proactively maintain compliance
  • Collaborate with external assessors and auditors and government officials during security audits and assessments
  • Organize, structure, and prioritize information from multiple technical, regulatory, and business sources
  • Balance information security requirements with business objectives, technical risk, and operational impact
  • Apply sound judgment and creative thinking while considering multiple perspectives and constraints
  • Adapt to shifting priorities, ambiguity, and evolving regulatory or security requirements
  • Work independently with minimal direct supervision while maintaining accountability for outcomes
  • Focus on conveying complex information clearly, concisely, and effectively

Benefits

  • medical and dental coverage
  • pension and 401(k) plans
  • a wide range of paid time off options
  • flexible vacation policy
  • designated EY Paid Holidays
  • Winter/Summer breaks
  • Personal/Family Care
  • other leaves of absence