Cybersecurity Policy Analyst

District of Columbia, D.C
Jun 26, 2022
Jul 04, 2022
Full Time

As a Cybersecurity Policy Analyst in the Office of the Chief Information Officer (OCIO) National Security Cyber Division, you will support the development of DHS policy related to assessing and mitigating cyber risks to DHS assets and increasing the cyber resilience of its Components.
In the Technical Track, at the Senior Cybersecurity Specialist level, you will continually and proactively participate in learning activities to enhance and apply your full, working-level expertise in the technical capability of Cybersecurity Risk Management and Compliance to perform a range of tasks, including:
  • Applying knowledge of Federal laws, government regulations, executive orders, agency rules, government organization and functions, and current Departmental requirements to assess cybersecurity policy needs and collaborate with stakeholders to develop and/or revise cybersecurity policies
  • Translating applicable laws, statutes, and regulatory documents to recommend integration into policy and considering risk assumptions and organizational tolerance for risk to advise leadership of risks and benefits to organizational strategy
  • Documenting and assessing Federal cybersecurity legislation and industry best practices necessary to protect an organization, mission, and system commensurate with the risk to organizational operations and assets
  • Assisting DHS leadership in making strategy or policy decisions for determining the adverse impact or consequences to the organization to guide and inform subsequent risk management processes and tasks
  • Ensuring that policy is appropriately established to enforce the treatment of risk, compliance, and assurance from internal and external perspectives, reporting on the security state of systems to appropriate organizational stakeholders
  • Developing and recommending cybersecurity policy changes to support mission needs and requirements
  • Preparing, overseeing, and/or organizing collaborative efforts for monitoring and maintaining an ongoing, documented situational awareness of the state of security and privacy, as applicable to the impacts and support of risk management decisions, at the organization, mission, and system levels
  • Providing guidance to stakeholders on cybersecurity policy implementation and interpretation
  • Planning, developing, and assisting in the coordination and communication of new policies and procedures relevant to the implementation of security guidance and solutions
  • Documenting current state policy and procedures, researching best practices, identifying gaps, and developing target state for cybersecurity oversight process
  • Communicating with both technical and functional clients regarding technical solutions and implementation approaches as appropriate
  • Creating and executing project work plans and revising as appropriate to meet changing needs and requirements
  • Estimating level of effort needed to administer and maintain the policy and procedures associated with any recommended cybersecurity initiatives
  • Documenting, validating, and assessing processes necessary to ensure that existing and new information technology systems meet the Department's cybersecurity and risk requirements, providing decision makers with the knowledge to make well-informed risk decisions
  • Customizing and presenting communications for different levels of leadership and target audiences to present strategic recommendations for driving strategic and operational decisions for managing risk to DHS mission, function, image, reputation, assets, individuals, and/or organizations

Generally, a DHS Cybersecurity Service employee whose primary technical capability is Cybersecurity Risk Management and Compliance:
  • Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to ensure that existing and new information technology systems meet the Department's cybersecurity and risk requirements, and provide decision makers with the knowledge to make well-informed risk decisions
  • Ensures that strategic considerations drive investment and operational decisions with regard to managing risk to organizational operations (including mission, function, image and reputation), organizational assets, individuals, other organizations (collaborating or partnering with federal agencies and contractors) and the nation
  • Understands and utilizes the National Institute of Standards and Technology (NIST) series of documents


Conditions of Employment

  • You must be a U.S. Citizen or national.
  • You must be 18 years of age.
  • Must be registered for the Selective Service (if you are a male).
  • Must be able to obtain and maintain a Top Secret/SCI security clearance.
  • Must be able to submit to a drug test and receive a negative result.
  • Must be able to comply with ethics and standards of conduct requirements, including completing any applicable financial disclosure.
  • May be required to serve a 3-year probationary period.


This position is in the Technical Track at the Senior Cybersecurity Specialist career level. At this level, individuals generally:
  • Have 5+ years of cybersecurity work experience
  • Have worked in progressively difficult cybersecurity roles
  • Have contributed to efforts to address cybersecurity challenges and/or to cybersecurity projects, programs, and teams
  • Have a primary technical capability
DHS Cybersecurity Service employees start at career levels and salaries matching their experience and expertise. To learn more about DHS Cybersecurity Service career tracks and levels, visit our application portal.

This position is focused on Risk Management and Compliance.

DHS Cybersecurity Service jobs are structured cybersecurity specializations - called technical capabilities. To learn more about technical capabilities, visit our application portal.

Desired Tools/Industry Experience: Applicants for this position should be able to use tools such as: MS Office Suite, MS Visio, MS Project, Project Management, Organizational Research Methodologies and Reasoning methodologies
Desired Certifications:
  • Certified Authorization Professional (CAP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA A+
  • Network+
  • Security+
  • Project Management Professional (PMP) or equivalent (DHS PM Level 3 certification)


Degrees are not required for jobs in the DHS Cybersecurity Service, but DHS is interested in your level of education and the topics you studied. As you submit initial application information, you will be asked questions about your education.

Additional information

Benefits: DHS Cybersecurity Service employees receive a range of federal employment benefits designed to support their professional and personal lives. To learn more about benefits, visit our application portal.

More information about the specific benefits available to you will be provided as you progress through the application process.

Background Investigation: To ensure the accomplishment of its mission, the Department of Homeland Security (DHS) requires each and every employee to be reliable and trustworthy. To meet those standards, all selected applicants must undergo and successfully complete a background investigation for a security clearance as a condition of placement in this position. This review includes financial issues such as delinquency in the payment of debts, child support and/or tax obligations, as well as certain criminal offenses and illegal use or possession of drugs.

Pursuant to Executive Order 12564 and DHS policy, DHS is committed to maintaining a drug-free workplace and, therefore, conducts random and other drug testing of its employees in order to ensure a safe and healthy work environment. Headquarters personnel in safety- or security-sensitive positions are subject to random drug testing and all applicants tentatively selected for employment at DHS Headquarters are subject to drug testing resulting in a negative test result.
