Cybersecurity Policy Analyst – Mid

at ECS Federal, LLC
Location Suitland, MD
Date Posted October 30, 2021
Category Default
Job Type Full-time


ECS is seeking a Cybersecurity Policy Analyst - Mid to work in our Suitland, MD office.

Job Description:

  • Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
  • Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
  • Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance
  • Develop policy, programs, and guidelines for implementation.
  • Identify organizational policy stakeholders.
  • Review existing and proposed policies with stakeholders.
  • Serve on agency and interagency policy boards.
  • Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
  • Develop and implement standardized position descriptions based on established cyber work roles.
  • Develop and review recruiting, hiring, and retention procedures in accordance with current HR policies.
  • Develop or assist in the development of training policies and protocols for cyber training.
  • Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
  • Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements.
  • Review and apply organizational policies related to or influencing the cyber workforce.
  • Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.
  • Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
  • Analyze organizational cyber policy.
  • Draft, staff, and publish cyber policy.
  • Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
  • Seek consensus on proposed policy changes from stakeholders.
  • Provide policy guidance to cyber management, staff, and users.

Required Skills:

  • Minimum of a 4-year bachelor's degree
  • Active Public Trust clearance or eligible to obtain a Public Trust clearance
  • 3+ years' experience completing internal audits, supporting audit planning, and completing reviews of information systems
  • Certifications addressing information privacy technology, privacy program governance (organization level, develop the privacy program framework, implement the privacy policy framework, metrics) privacy operation lifecycle (assess your organization, protect, sustain, respond), program management, risk management, categorization of information systems, selection of security controls, security control implementation and assessment, information system authorization, monitoring of security controls, understand basic cybersecurity concepts and definitions, apply cybersecurity architecture principles
  • Strong written and verbal communication skills.
  • Demonstrated ability to interact effectively with senior management and leadership.
  • Ability to design valid and reliable assessments.
  • Ability to assess and forecast manpower requirements to meet organizational objectives.
  • Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
  • Ability to develop career path opportunities.
  • Ability to determine the validity of workforce trend data.

Desired Skills:

  • Master's degree
  • Experience identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Experience identifying and assessing cyber threats and vulnerabilities
  • Specific operational impacts of cybersecurity lapses.
  • Knowledge of resource management principles and techniques.
  • Knowledge of the organization's enterprise information technology (IT) goals and objectives.
  • Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).
  • Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
  • Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • Knowledge of learning assessment techniques (rubrics, evaluation plans, tests, quizzes).

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.