Information Security Policy Analyst Senior

TISTA Science and Technology Corporation
100d | $85,730 - $102,500

About The Position

TISTA is seeking an experienced Information Security Policy Analyst with a strong background in policy for IT security and privacy to join our team. TISTA associates enjoy above Industry Healthcare Benefits, Remote Working Options, Paid Time Off, Training/Certification opportunities, Healthcare Savings Account & Flexible Savings Account, Paid Life Insurance, Short-term & Long-term Disability, 401K Match, Tuition Reimbursement, Employee Assistance Program, Paid Holidays, Military Leave, and much more!

Requirements

  • A minimum of 5-7 years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field
  • Experience with leading and directing the work of others
  • Demonstrates proficiency with developing, maintaining and managing Authorizations and Assessments (A&A) and Authority to Operate (ATO) packages
  • Knowledge of standard concepts, practices, and procedures within program management
  • Demonstrates proficiency in IT systems cloud migrations and securing systems in the cloud
  • A holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (current revision), Recommended Security Controls for Federal Information Systems and NIST SP 800-53A Revision 4, Guide for Assessing the Security Controls in Federal Information Systems.
  • Strong problem-solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
  • Excellent documentation skills – redacted samples may be requested.
  • Excellent oral and written communication skills.

Nice To Haves

  • Security+
  • Certified Authorization Professional (CAP)
  • Certified in Governance, Risk and Compliance (CGRC)
  • Certified Information Privacy Professional (CIPP)
  • Cloud Certification (Azure, AWS, CCSP, Cloud+, etc.)
  • Certified Information System Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Project Management Professional (PMP)

Responsibilities

  • Experience in technical writing, specific to security-related documents, policies and procedures
  • Develop, update, and implement DISC security directives, policies, procedures and plans to support DISC Authority to Operate (ATO)
  • Perform gap analysis of existing policies and procedures
  • Develop, update, and implement DISC security directives, policies, and procedures to support cloud working group and cloud migrations
  • Assist in the development and implementation of Departmental Regulations with CPOC
  • Coordinate with system owners to develop Business Impact Analysis (BIAs)
  • Assist in Disaster Recovery (DR), Business Continuity (BC) & Continuity of Operations (COOP) documentation and activities
  • Demonstrate strong knowledge of migrating and securing IT systems in the cloud
  • Experience with High Value Assets (HVA) systems and their security controls
  • Experience with Privacy related policy and compliance
  • Experience with developing risk impact assessments and risk mitigation strategies
  • Strong project management skills and familiarity with standard project management methodologies such as Agile and Scrum
  • Comfortable leading meetings
  • Strong familiarity with NIST Special Publications and guidance, specifically 800-53 rev. 4/rev. 5 and the NIST Risk Management Framework
  • Strong problem solving and analysis skills, self-motivated, leader and able to work and communicate in a team environment

Benefits

  • Above Industry Healthcare Benefits
  • Remote Working Options
  • Paid Time Off
  • Training/Certification opportunities
  • Healthcare Savings Account & Flexible Savings Account
  • Paid Life Insurance
  • Short-term & Long-term Disability
  • 401K Match
  • Tuition Reimbursement
  • Employee Assistance Program
  • Paid Holidays
  • Military Leave