• Cybersecurity Policy and Procedure Analyst - Mid

    Job Locations US-DC-Washington | US-MD-Rockville
    Posted Date 1 month ago
    Job ID
    # of Openings
    Information Technology
  • Overview

    GovernmentCIO is looking to bring on a Cybersecurity Policy and Procedure Analyst - Mid to help support our team.



    The Cybersecurity Policy and Procedure Analyst - Mid is responsible for helping manage information security risk organization-wide, which requires the following key elements:

    • Assist the ISSO in the development of a long-term cybersecurity strategy for the NHLBI. Provide expertise and develop artifacts corresponding to each of the following:
    • Recommend security control objectives.
    • Provide assessment of current cybersecurity status.
    • Recommend security domain model.
    • Offer cybersecurity related plan of actions and milestones.
    • Recommend individual security strategies such as contingency planning, systems documentation, system inventories, risk analysis, etc.
    • Assist the ISSO in defining key metrics for NHLBI cybersecurity posture. The key metrics shall include data collection methodologies and reporting requirements.
    • Monitor and assess Federal law, Executive Agency Policy/Publication, HHS/NIH/NHLBI Standard/Policy/Memo, and other sources for Cybersecurity guidance for impact to the NHLBI Cybersecurity program. The Contractor shall provide reports as needed.
    • Create, review, and revise documents (such as memos, informational papers, briefs, communication packages) related to Cybersecurity to support sharing policy/guidance information with the NHLBI community and staff.
    • Create an implementation plan for all the cybersecurity policies and standards that are applicable to the NHLBI with actionable items and timelines.
    • Carry out the cybersecurity-related action items in the implementation plan. Some implementation plans for the standards and policies require annual review.

    GCIO seeks a Cybersecurity Policy and Procedure Analyst - Mid with the following:

    • Knowledge of strategic planning for cybersecurity risk management, compliance, and policy and procedure development
    • Knowledge of cybersecurity risk management implementation (strategy and plan to execute)
    • Knowledge of NIST SP 800-39, Managing Information Security Risk (Organization, Mission, and Information System View). This has a different focus than NIST SP 800-37, Guide for Applying the Risk Management Framework
    • Knowledge of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), the framework that Departments and Agencies (D/A) are applying to their cybersecurity programs and the basis on which they report FISMA metrics to DHS
    • Knowledge of GRC (governance, risk management, compliance)
    • Knowledge of FISMA
    • Knowledge of NIST SP 800-53 controls
    • Senior level communications
    • Strategic planning
    • Excellent analysis and writing skills

    The Cybersecurity Policy and Procedure Analyst - Mid will:

    • Ensure that senior leaders/executives recognize the importance of managing information security risk and establish appropriate governance structures for managing such risk;
    • Ensure that the organization’s risk management process is being effectively conducted across the three tiers of organization, mission/business processes, and information systems;
    • Foster an organizational climate where information security risk is considered within the context of the design of mission/business processes, the definition of an overarching enterprise architecture, and system development life cycle processes; and
    • Help individuals with responsibilities for information system implementation or operation better understand how information security risk associated with their systems translates into organization-wide risk that may ultimately affect the mission/business success.



    Certification Requirements:

    CISSP is preferred; key positions require CISSP. CISM, Security+, and CISA are also relevant.

    Skills Requirements:

    Enterprise Risk Management, Cybersecurity Risk Management, Governance Risk and Compliance (GRC), Cybersecurity Framework (CSF), FISMA, NIST 800-39, NIST 800-53, NIST 800-37

    Tools & Software Experience:


    Education Requirements:


    Years of Experience Required:

    3 to 5 years of experience; candidates with around 7 years may be considered at a more senior level.

    Anticipated Disqualifications:

    Level 5: Public Trust - Moderate Risk. Contractor/subcontractor employees assigned to Level 5 positions with no previous investigation and approval shall undergo a Suitability Determination and a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI).

