Senior Information Security Policy Analyst

TISTA Science and Technology Corporation
$85,730 - $95,500 · Remote

About The Position

TISTA is seeking an experienced Senior Information Security Policy Analyst with a strong background in Policy for IT Security and Privacy to join our team. At TISTA, you’ll do meaningful, mission‑driven work that improves lives alongside teammates you trust and leaders who are transparent and supportive. We invest in your learning and internal mobility so you can build a career that keeps advancing. We’re proud to serve and hire Veterans, and we put people first in everything we do. TISTA associates enjoy above Industry Healthcare Benefits, Remote Working Options, Paid Time Off, Training/Certification opportunities, Healthcare Savings Account & Flexible Savings Account, Paid Life Insurance, Short-term & Long-term Disability, 401K Match, Professional development reimbursement, Employee Assistance Program, Paid Holidays, Military Leave, and much more!

Requirements

  • A minimum of 5-7 years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field.
  • Experience with leading and directing the work of others.
  • Demonstrates proficiency with developing, maintaining and managing Authorizations and Assessments (A&A) and Authority to Operate (ATO) packages.
  • Knowledge of standard concepts, practices, and procedures within program management.
  • Demonstrates proficiency in IT systems cloud migrations and securing systems in the cloud.
  • A holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (current revision), Recommended Security Controls for Federal Information Systems and NIST SP 800-53A Revision 4, Guide for Assessing the Security Controls in Federal Information Systems.
  • Strong problem-solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
  • Excellent documentation skills – redacted samples may be requested.
  • Excellent oral and written communication skills.
  • Bachelor’s degree or higher in Computer Science, Information Technology, Information Security, or similar fields.
  • The ability to pass a Public Trust Background Investigation.
  • US citizens or permanent residents highly preferred.

Nice To Haves

  • Security+
  • Certified Authorization Professional (CAP)
  • Certified in Governance, Risk and Compliance (CGRC)
  • Certified Information Privacy Professional (CIPP)
  • Cloud Certification (Azure, AWS, CCSP, Cloud+, etc.)
  • Certified Information System Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Project Management Professional (PMP)

Responsibilities

  • Experience in technical writing, specific to security-related documents, policies and procedures.
  • Develop, update, and implement DISC security directives, policies, procedures and plans to support DISC Authority to Operate (ATO).
  • Perform gap analysis of existing policies and procedures.
  • Develop, update, and implement DISC security directives, policies, and procedures to support cloud working group and cloud migrations.
  • Assist in the development and implementation of Departmental Regulations with CPOC.
  • Coordinate with system owners to develop Business Impact Analysis (BIAs).
  • Assist in Disaster Recovery (DR), Business Continuity (BC) & Continuity of Operations (COOP) documentation and activities.
  • Demonstrate strong knowledge of migrating and securing IT systems in the cloud.
  • Experience with High Value Assets (HVA) systems and their security controls.
  • Experience with Privacy related policy and compliance.
  • Experience with developing risk impact assessments and risk mitigation strategies.
  • Strong project management skills and familiarity with standard project management methodologies such as Agile and Scrum.
  • Comfortable leading meetings.
  • Strong familiarity with NIST Special Publications and guidance, specifically 800-53 rev. 4/rev. 5 and the NIST Risk Management Framework.
  • Strong problem-solving and analysis skills; a self-motivated leader able to work and communicate in a team environment.

Benefits

  • Healthcare Benefits
  • Remote Working Options
  • Paid Time Off
  • Training/Certification opportunities
  • Healthcare Savings Account & Flexible Savings Account
  • Paid Life Insurance
  • Short-term & Long-term Disability
  • 401K Match
  • Professional development reimbursement
  • Employee Assistance Program
  • Paid Holidays
  • Military Leave