Cybersecurity Policy and Compliance Analyst

Annapolis Junction, Maryland, United States
Jan 17, 2019
Jan 21, 2019
Full Time
Job Description

Job Number: R0042942

Key Role:
Serve as an assessment and authorization (A&A) subject matter expert (SME), including using knowledge of the DoD Information Assurance Certification and Accreditation Process (DIACAP) and Risk Management Framework (RMF). Design, develop, and recommend integrated security system solutions that will ensure proprietary and confidential data and systems are protected. Conduct regular audits supporting Federal Information Security Management Act (FISMA) reviews to ensure systems are being operated securely and computer security policies and procedures are being implemented, as defined in security plans. Prepare materials for computer security education and awareness programs and respond to queries and requests for computer security information and reports. Perform ongoing A&A activities to support the program by developing and maintaining A&A packages using the Enterprise Mission Assurance Support Service (eMASS). Provide technical knowledge and analysis when performing vulnerability assessments with tools, including the Assured Compliance Assessment Solution (ACAS), and provide implementation guidance on a way forward regarding vulnerabilities, including analyzing the development of Information Assurance Vulnerability Alerts (IAVA), security technical implementation guides (STIGs), Plans of Action and Milestones (POA&Ms), and mitigations. Ensure tracking of operation order (OPORD) and task order compliance and process change requests supporting A&A package amendments.

Basic Qualifications:
-2+ years of experience with executing A&A of DoD systems
-Experience with the DIACAP or RMF
-Secret clearance required
-BA or BS degree
-DoD 8570 or 8410 IAT II Certification, including CCNS Security, CSA+, GICSP, GSEC, Security+ CE, or SSCP

Additional Qualifications:
-Experience with DoD Cybersecurity policies, directives, and STIGs
-Experience with leveraging tools, including ACAS, CMRS, and eMASS preferred
-Experience with assessing organizational risks and recommending mitigation strategies
-Knowledge of NIST 800 series publications, including 800-30, 800-37, 800-53, and 800-53a

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.