Cybersecurity Policy Analyst
15 days ago
Washington
Job Description Cybersecurity Risk Policy Analyst Location: Remote Clearance Required: Minimum Secret Employment Type: Full Time, Regular Job Description: Special Aerospace Security Services, Inc. (SASSI) is seeking a Cybersecurity Risk Policy Analyst to support a United States Government client. The Analyst will join a collaborative multi-disciplinary team focused on strengthening cybersecurity governance and compliance across Federal environments. This role emphasizes writing, reviewing, and implementing cybersecurity policies and procedures aligned with RMF (Risk Management Framework), NIST guidance, and broader Governance, Risk, and Compliance (GRC) strategies. Work Environment: This is a remote position; however, the selected candidate is expected to maintain a full-time presence during normal business hours. The employee must be consistently available and responsive to the team and client during core business hours of 8:30 AM to 3:30 PM EST, Monday through Friday (flexible working hours between 7:00AM to 6:00PM). Participation in virtual meetings, collaborative working sessions, and prompt communication via Microsoft Teams, email, and other platforms is required to ensure alignment with other (GRC) team members and project stakeholders. Primary Responsibilities: • Lead and support the development, implementation, and governance of cybersecurity policies and procedures., • Collaborate with stakeholders, mission organizations, and technical teams to define security requirements and align governance objectives., • Develop and update policies and documentation supporting RMF controls, including System Security Plans (SSPs), Vulnerability Management, Configuration Management, Change Management, and Incident Response., • Provide expert knowledge in Federal cybersecurity regulations, including NIST SP 800-53/37, FISMA, OMB guidance, and RMF processes., • Perform qualitative and quantitative security risk assessments to identify gaps, evaluate threats, and recommend mitigation strategies., • Guide the implementation of Zero Trust Architecture and contribute to cyber resilience strategies., • Assist in Continuous Monitoring, A&A documentation, policy lifecycle management, and GRC tool support., • Engage in technical and non-technical report writing, including risk analysis reports and governance briefings., • Write, edit, and format formal cybersecurity documentation, policies, and procedures to meet Customer standards and ensure clarity, consistency, and compliance., • Ensure all deliverables follow professional documentation standards including proper grammar, formatting, structure, and version control., • Deliver training and advisory support to stakeholders on cybersecurity governance, policy compliance, and RMF processes., • US Citizenship, • Must pass a background investigation, • Active Secret clearance (minimum), • 5+ years of information security experience, • 2+ years developing and maintaining cybersecurity policies and procedures, • 2+ year of RMF implementation experience focused on cybersecurity controls, • Exceptional attention to detail and accuracy in all documentation and analysis, • Proven ability to navigate and influence complex organizations and deliver policy initiatives to senior leadership and technical teams., • Strong knowledge of security governance, compliance, and risk management frameworks., • Demonstrated ability to perform technical writing, editing, and document formatting in compliance with GRC documentation standards, • Familiarity with:, • NIST, ISO, FISMA, OMB, COBIT, FAIR, SIG, CCM, SOC-2, HITRUST, PCI, GDPR, • Proficient in tools and processes to:, • Facilitate meetings, organize virtual collaboration, and deliver presentations via Microsoft Teams, • Excellent analytical, communication, and technical writing skills, • RMF Tools, • Governance, Risk, & Compliance Tools (e.g., ServiceNow Xacta, RSA Archer), • DISA STIGs, CIS Benchmarks, • ServiceNow, • RedSeal, Tenable, Splunk, Cortex XDR, • Phishing simulation tools, • Drafting government policies, RMF SSPs, and A&A documentation, • Risk analysis techniques (qualitative and quantitative), • Technical and non-technical report writing, • Document formatting best practices (headers, styles, templates, tables, TOCs), • Technical writing methodologies, • Zero Trust Architecture (ZTA) principles, • Required: DoD 8570.01 IAM Level II (e.g., CAP, CASP+, CISM, CISSP [Associate], GSLC), • Preferred: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related discipline
Cleaning
Driver & Delivery
Kitchen Porter
Chef & Cook
Waiters
Construction & Trades
Security
Fast Food
Salon & Beauty
Office & Admin
Retail
Sales & Marketing
Warehouse
Customer Service
Host & Hostess
Barista
Entertainment
Accounting & Finance
Animal Care
Art, Media, Design
Bar Staff
Child Care
Education
Engineering
Events & Promotion
Fashion
Healthcare
Information Technology
Legal
Management
Manufacturing
Online Jobs
Science
Sports & Wellness
Writing & Editing
Other
Page 10