Cybersecurity Policy Analyst

About The Position

Requirements

• Bachelor’s Degree or an equivalent combination of formal education and experience. Bachelor's Degree may be substituted for eight (8) additional years of relevant experience.
• Minimum six (6) years of general experience and three (3) years of relevant experience in functional responsibility
• 4+ years’ experience with NIST, FISMA, and Security Assessment & Authorization
• Well-versed in risk management and must have experience working with SDLC and performing security tasks throughout
• Experience with and working understanding of FISMA compliance, experience conducting all phases of Certification and Accreditation, and creating documentation in accordance with NIST guidance
• Well-versed with NIST publications, including NIST 800 series, OMB circulars such as OMB A-123 circular and OMB A-130 circular and memoranda, and CNSS publications and their requirements and impact on system security such as CNSS 1253 and risk management methodologies
• Strong analytical and organizational skills
• Concise writing skills
• Secret clearance required to start

Nice To Haves

• CAP and Security+ highly desired
• Understanding of and experience with CSAM is a plus

Responsibilities

• Serve as part of a team lead supporting the CISO knowledgeable in the field of information assurance and Cybersecurity Policy Analyst.
• Participate in working groups and cybersecurity committees that are tackling the government’s current and emerging challenges such as maturing the CDM program, automating ATO processes, developing and implementing enterprise security services.
• Perform control reviews, security audits, evaluations, and risk assessments of sensitive and complex operational systems and facilities and provides recommendations for remediating vulnerabilities.
• Conduct application, system, and network security assessments, analyses, authorizations, and evaluations in sensitive environments.
• Develop requirements and specifications for reviewing and approving procurement requests, major systems development activities, telecommunications hardware and software, and hardware and software encryption techniques on the basis of security concerns.
• Review and assess current federal policy and procedures and emerging technology changes to the cybersecurity landscape to recommend new policies and procedures.
• Support technical reviews to support non-standard operational requirements and systems, including design, development, and maintenance of unique security assessment security tools and conducting assessments.

Benefits

• Health/Dental/Vision
• 401(k) match
• Paid Time Off
• STD/LTD/Life Insurance
• Referral Bonuses
• professional development reimbursement
• parental leave