Cyber Security Policy Analyst - Hybrid Remote Option
Location : Plainsboro NJ US 08536
Job Type : Temp/Contract to Direct
Reference Code : 20932-AB-JT1
Compensation : open - 60-80/h
Start Date : 03/07/2022
Hours : Full Time
Required Years of Experience : 5
Required Education : BA/BS degree in Cyber Security, Computer Science, Information Technology, or Communications.
Travel : No
Relocation : No
Job Industry : IT Security
Job Description :
- Contract to direct position for a Cyber Security Policy Analyst to help meet increasing organizational challenges of cyber security governance, risk, and compliance and provide essential functions and subject matter expertise in expanding cyber requirements and responsibility.
- Work with cyber staff and other stakeholders to develop, review, and maintain cyber security authorization documents, policies, procedures, and other program documents.
- Responsible for technical documents associated with the Cyber Security Program Plan (CSPP), System Security Plans, Risk and Threat assessments, and Contingency Plans.
- Prepare responses to data call requests for cyber program information from stakeholders, assist with cyber security audits and assessments, participate in external working groups and integrated project teams, and maintain of plans of action and milestones (POA&Ms).
- Cyber security program documents include Cyber Security Authorization Package including the Cyber Security Program Plan, System Security Plans, Risk Assessment, Threat Statement, Contingency Plan, Cyber Security and IT Policies and Procedures, Information Security Continuous Monitoring Plan, Cyber Security Risk Registry, and Plan of Action and Milestones.
- Respond to data call requests for information from the Department of Energy (DOE) and internal stakeholders (25%).
- Continuously monitor and analyze DOE and other Cyber/IT emerging requirements to determine the impact on the organization and to ensure compliance and use of current best practices.
- Engage with DOE peers and stakeholders and participate in integrated project teams and working groups. (20%)
- Assist with cyber security audits and assessments including programmatic reviews and management of corrective action plans (5%).
Required Qualifications :
- BA/BS degree in Cyber Security, Computer Science, Information Technology, or Communications.
- Minimum 5 years experience as a Policy Analyst in Information Technology, Cyber Security, or a related field.
- Experience working in a US Government environment is desirable.
- Excellent technical writing skills (English) and ability to understand and translate complex cyber security requirements into clear and organized written form.
- Knowledge of Federal, state, and local laws, regulations, policies, and ethics as they relate to cyber security and privacy.
- Understanding of US Government cyber security standards and methodologies including FISMA, the NIST Cyber Security Framework, NIST 800-37 Risk Management Framework, NIST 800-53 Cyber Security Controls, and the Federal Risk and Authorization Management Program (FedRAMP).
- Knowledge of other common industry cyber security standards and organizational best practices (e.g. ISO-27000 series, Center for Internet Security).
- Knowledge of current cyber security threats and vulnerabilities.
- Understanding of basic and advanced information technology concepts, cloud computing methodologies, systems and network architecture, and security controls.
- Proficient in use of standard document management and editing software such as Google Workspace tools and Microsoft Office 365 (Word, Excel, PowerPoint).
- Excellent verbal communication and presentation skills and ability to present security concepts to a wide range of audiences.
- Current CISA or CISSP certification. Technical writing certifications are a plus.
Contact: John Terkovich