Cybersecurity Policy Analyst

Job Description:

As a Cybersecurity Policy Analyst at SASSI, who will join our team and support our United States Government client remotely. The Cybersecurity Policy Analyst works closely with stakeholders and other members of the technical team to gather technical requirements and execute on deliverables. The Cybersecurity Policy Analyst works with an integrated project team comprised of multiple technical disciplines.


Primary Responsibilities:

In this role, you will:

  • Leads and participates in activities that provide policy and governance for the Cybersecurity Program.

  • Leads and participates in the creation, review, and technical assessment of all policies and procedures supporting the security for computing systems that include but are not limited to System Security Plans, Vulnerability Management, Risk Management, Configuration Management, Change Management, and others.

  • Provides knowledge and expertise in government regulatory processes and documentation, including but not limited to Risk Management Approach (RMA), National Institute of Standards and Technology (NIST) standards, and policies and procedures.

  • Leads internal and external assessments/audits of Information Technology, Managed Services, Software as a Service, and all other services.

  • Is responsible for the assessment of the system security protection measures and documentation for applicable systems.

  • Makes recommendations for improvements in cybersecurity controls. Performs oversight surveys and assessments of computing systems, enclaves, and services to ensure mandated controls have been implemented as required by Federal regulations.

  • Develops sophisticated concepts and techniques in the cybersecurity assessment program.

  • Performance, development, and implementation of unclassified cybersecurity program consistent with NIST guidance.

  • Assists in all cybersecurity efforts including continuous monitoring, reporting, participation on project teams, incident management, and supporting the Information System Security Manager (ISSM).

  • Works closely with the mission organizations to provide guidance, training, and tools necessary for protecting the Cybersecurity Program.

  • Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the Project Manager.

Basic Qualifications

  • US Citizen

  • Must hold a minimum Secret clearance

  • 4 years of information security experience.

  • 2 years in developing cybersecurity policies and procedures.

  • 1 years’ experience maintaining policies and procedures with an emphasis on cybersecurity controls per the Risk Management Approach.

  • Experience navigating complex organizations, developing, and delivering vision through various communication strategies and presentations to senior-level executives and technical audience

  • Good understanding of security governance, compliance, and risk management principles.

  • Possesses and demonstrates a strong understanding of controls assessment techniques.

  • Familiarity with common standards, frameworks, and regulations such as:

  • NIST, ISO, COBIT, SIG, CCM, SOC-2, FAIR, HITRUST, PCI, GDPR.

  • Able to function independently and perform routine tasks such as:

  • Facilitate meetings, organize conference calls, deliver presentations, and so forth

  • Strong analytic and problem-solving skills.

  • Strong oral & written communications to include report development and delivery.

Desired Toolsets (does not have to be all of them):

  • RedSeal

  • Tenable

  • ServiceNow

  • Microsoft TEAMs

  • Technology Harding Tools (e.g., DISA STIGs, CIS Benchmarks, Vendor Guidelines)

  • Governance Risk & Compliance (GRC) Tools (e.g., eMASS, RSA Archer, Xacta)

  • Splunk

  • Penetration Testing Tools (e.g., Nmap, Wireshark, Nessus, Metasploit, Aircrack, NetSparker, RedSeal, Burp Suite)

  • Phishing simulations

  • Cortex XDR endpoint detection and response tool

Desired Skillsets:

  • Report Writing (Technical & Non-Technical)

  • Technical Writing Techniques

  • Drafting government policies and procedures

  • Drafting government RMF SSP and A&A packages

  • Ability to perform qualitative and quantitative risk analysis

  • Zero Trust Architecture (ZTA) Design

  • Cyber Resilience Assessment Methodology

Preferred Qualifications

  • IAM II Certification Level

  • CISSP certification

  • Bachelor's degree in Computer Science, Information Systems, or other related discipline.

Full Time / Part Time

Full time


Regular / Temporary

Regular


Job Exempt (Yes / No)

Yes