Policy Analyst

Coalfire Federal • Washington, DC, US • 6h ago

About Coalfire Federal

Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for over 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

We're currently seeking a Policy Analyst with a background in Technical Writing/Documentation, Information System Security, and Cybersecurity Policy to join our federal team in Washington, DC (Hybrid).

Location

This position is part of the Coalfire Federal team supporting one of our clients located in Washington, D.C. Open to local candidates in the DMV area with the availability to go on site 3 days a week.

Position Summary

Governance requires taking a unified view of the client organization's security practices, executing awareness and training and effective assessments. This position works with various business units and leadership to protect data and assets through development and institutionalizing the organizational security policies. As the Policy consultant, you will have experience developing and modifying Enterprise level security policies and publications.

What you'll do

Support the ISSO in carrying out their roles and responsibilities by researching and evaluating the current Cybersecurity Policy and Minimum Requirements.
Provide support to plan, prioritize, coordinate, and implement the organization’s information security program, leveraging existing Cybersecurity Governance processes.
Review, update, and maintain enterprise level Information Security policy documentation and make recommendations for updates or improvements.
Work collaboratively with personnel by providing technical writing support (e.g., prepare and review documentation) for internal and external customers, as required.
Perform a review and analysis of existing security policies; Identify policy gaps and propose draft policy.
Modernize any existing security policies that may need an update based on the advancement of current technology.
Analyze and develop security policies based on best practices to address areas or technologies as defined by stakeholders.
Support ad hoc cybersecurity communications to include organization-wide messaging targeting Staff, Committees and Leadership offices.
Work with cybersecurity personnel to define policy guidelines and ensure written policies are integrated into existing systems, where applicable.
Ensure consistency in guidance and terminology across all policies.
Ensure quality assurance for all documentation which may include new reports, responses to data calls, research papers, and other records as directed by Cybersecurity leadership.
Support transition activities, as directed.
Perform other duties as assigned.

What you'll bring

Experience assessing and enhancing system security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
Strong policy analysis and professional writing ability, including editing and proof reading.
Demonstrated experience reviewing and writing security policies at an enterprise level within a federal agency or comparable IT environment.
A strong understanding of NIST 800-53 information security principles, guidance, and regulations.
Ability to validate Cybersecurity Policy mapping to NIST 800-53 and implement information security requirements for IT systems through the RMF and CSF processes.
Gathering and organizing technical information about an organization's existing security products, and ongoing programs.
Excellent written and verbal communications skills including the ability to communicate effectively with internal stakeholders.
Strong interpersonal skills to interact with clients to provide Cyber Security Policy and Program advice and guidance.
Ability to work in a flexible environment where requirements and procedures continuously evolve.
Ability to work under pressure with efficiency and accuracy.
Proficiency with Office 365 skills including Word, PowerPoint, Excel.

Education

Completed Bachelor’s degree from an accredited university is required, preferably in an IT related field.

Clearance / Suitability

Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.

Certifications

One or more of the following: CISA, Security+, CASP, CEH, Network+, or equivalent industry recognized certification

Years of Experience

Minimum 5 years of overall experience in information security, security program, security operations or similar role - including at least 3 years serving as an Information System Security Officer (ISSO) responsibilities, such as:

Risk Management Framework (RMF) and Cybersecurity Framework (CSF) practices, Security Technical Implementation Guides and associated National Institutes of Standards and Technologies (NIST) 800 series security publications.
Developing and documenting enterprise Information Assurance Policy, Procedure, Standards, and Guidelines.
Experience with NIST 800-53 rev. 5

Why you'll want to join us

Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.

Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities.

You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.

Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.