Mid level Policy Analyst

About Web is currently seeking qualified candidates for a Sr. Policy Analyst in Arlington, VA.

Qualifications:  The core requirement for this position is development of IT security policies, best practices, standards, processes and procedures. The successful candidate must have 8+ years with the creation of IT security requirements, technical security safeguards, countermeasures, risk management, contingency planning, and data communications networking. Experience with security planning of commercial cloud implementations is valuable. Experience with core Federal information laws (i.e., Paperwork Reduction Act, Privacy Act, and E-Government Act) is valuable. Candidate must demonstrate significant experience in a combination of standards and policy development, research and analysis of information system issues and trends, research and development in a technical discipline, and development of information systems. Demonstrated ability to communicate orally and in writing.  Must possess strong organizational skills, writing skills, and interpersonal skills to effectively relate to agency and customer needs. A working knowledge of Federal AIS security (e.g., FISMA/NIST, DOD, and CNSS security management frameworks) is required. 
Project Overview:
The position establishes, promulgates and promotes awareness of the computer security (COMPUSEC), communications security (COMSEC) and network security policies and standards.  The Policy and Standards component is responsible for developing, promulgating, and maintaining COMPUSEC and COMSEC policies and standards, the Overseas Security Policy Board (OSPB) computer security policy and standards,   and providing guidance on existing policies and standards. The Program is also responsible for representation and coordination of National level policies and guidance. The Policy and Standards component also handles waiver requests for standards and policies within the Office of Computer Security’s scope of authority and provides recommendations regarding policy waiver requests within its scope of authority.  Additionally, the program responds to policy inquiries received via cables, memos, emails and phone calls.  The program tracks tasks and activities using a Remedy-based application.
Daily Responsibilities:
Recommend, develop, maintain, and update Domestic and Abroad computer security policies and coordinate clearances of draft COMPUSEC, network security, and COMSEC policies and standards; determine the impact of changes in the IT environment, to include use of new and emerging technology, software, hardware, and firmware, and develop/update policies as needed. Examine incoming requests for waivers or exceptions to policy and draft recommended decision memorandum/cable to include requisite mitigation strategies. Coordinate clearances for draft recommendations. Participate in intra-agency policy working groups. Provide review and coordination support for National level classified and unclassified computer and communications security policies and guidelines. Respond to cables, memos, emails and phone inquiries regarding security policies and standards.  Help maintain the contents of the Frequently Asked Questions (FAQ) web page and web portal website by ensuring that links for the latest automated procedures are correct, that the portal page provides requisite instructions for the user. Maintain databases for tracking incoming and outgoing policy documents, policy inquiries, standards waiver requests; provide status reports as required.   Prepare contract deliverables to include Trend Analysis reports, Quarterly Status Reports, etc.
Education:         Bachelors in IT or related field, or equivalent combination of education and work experience

Certifications:   None required, security-related information technology certification required (e.g. CISSP)