Cybersecurity Policy and Compliance Analyst

Dahlgren, Virginia, United States
Apr 19, 2019
Apr 24, 2019
Full Time
Job Description

Job Number: R0051674

Key Role:

Support the Navy Cybersecurity risk assessment team in assessing Cybersecurity risks by evaluating Navy systems and analyzing and drafting Cybersecurity risk reports to highlight current architecture, mitigations, and Cybersecurity risk posture. Analyze, review, and critique assessment and authorization (A&A) documentation for compliance with DoD Cybersecurity policy and agency guidance, including DoD series, CNSS, and NIST special publications. Assess program security compliance, support program briefs, and coordinate and compile program security documentation for various programs. Provide A&A and Cybersecurity support, including Risk Management Framework (RMF) for DoD IT, assess compliance with security technical implementation guides (STIGs), review automated scans, conduct security test and evaluation (ST&E), vulnerability assessments, and computer security responses, and create and manage RMF packages using the Enterprise Mission Assurance Support Service (eMASS). Provide results of unresolved discrepancies to the client for inclusion in that system's information assurance (IA) Plan of Action and Milestones (POA&M). Interact with clients to perform policy and technical audits. Brief client leadership on vulnerabilities to support the government client and prepare brief slides and summary of findings analyses.

Basic Qualifications:

- 3 years of experience working in the information assurance field

- 3 years of experience with DIACAP and NIST Risk Management Framework (RMF) policies, including continuous monitoring, information system security policies, standards, and procedures

- Secret clearance

- AA or AS degree

- DoD 8140 IAM or IAT Certification, including Security+ CE, CISM, CAP, CISSP, or CASP

Additional Qualifications:

- 3 years of experience with IT, including in a DoD environment

- 2 years of experience with supporting Navy commands in the implementation or assessment of Cybersecurity controls or legacy DIACAP implementation

- Experience with preparing DIACAP or RMF packages and supporting documentation and DoD A&A process and standards

- Experience with supporting the Navy

- Experience with using the Enterprise Mission Assurance Support Service (eMASS)

- Ability to conduct security control selection, tailoring, and overlays

- Ability to show proficiency in networking and IT

- Ability to analyze a security plan and perform system security analysis

- Possession of excellent oral and written communication skills

- Top Secret clearance


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

