Cybersecurity Policy Analyst


Position Summary

The Cybersecurity Policy Analyst will assist the Director of Security and Infrastructure to achieve and maintain FedRAMP, FISMA and other government authorizations. They will assist with documentation of technical systems, managing system security plans, maintaining lists of vulnerabilities and remediation plans, performing risk analyses, routine security maintenance tasks, and understanding government requirements around NIST, FedRAMP and other security frameworks.

Position Details

Location: Virtual

Travel Required: No

Salary Range: Negotiable

Position Type: Full-time with benefits

Date Posted: April 24, 2018

Mandatory Job Requirements: Experience with IT security policy, security controls documentation, and risk analysis according to US federal government standards – with a heavy preference towards NIST, FISMA and FedRAMP knowledge and experience.

Reports to: Director of Security & Infrastructure

Security Screening: Moderate-level background check will be required

Major Responsibilities & Tasks

Major Responsibilities

Cybersecurity Policy Analyst tasks will include, but are not limited to, the following:

    ● Security Compliance: assist the security team with the tracking of vulnerabilities and remediation, routine monitoring tasks, risk analysis, compliance tracking, trends research and other duties that keep Intelliworx customers, systems, data and personnel safe.

    ● Security Documentation: assist the Security team with documentation of Intelliworx systems, system security plans (SSPs), interconnect and similar security agreements, infrastructure documentation, application documentation, configurations, disaster recovery and other relevant security policies and procedures with the goal of achieving and maintaining FedRAMP*, FISMA** and other government authorizations.

* FedRAMP – Federal Risk and Authorization Management Program

** FISMA – Federal Information Security Management Act

Major Tasks

    ● Maintain the confidentiality, integrity, and availability of all Intelliworx systems by helping the Intelliworx team to implement, track and measure various operational and technical security controls.

    ● Maintain all official FedRAMP and similar security documentation for Intelliworx systems.

    ● During FedRAMP, FISMA and other security assessments, organize the collection of artifacts to

    validate Intelliworx’s security controls and systems.

    ● Maintain a complete and accurate inventory of all Intelliworx systems, system components and

    their statuses.

    ● Manage daily security monitoring reports and keep up-to-date with security trends. Participate

    in occasional on-call shifts.

    ● Manage daily, weekly, monthly and yearly tasks such as user account audits and documentation

    reviews. Maintain the Intelliworx security calendar.

    ● Manage monthly, quarterly and yearly reports for continuous monitoring and other purposes.

    ● Maintain Intelliworx application vulnerability data and help to ensure that information is tracked

    appropriately in documentation and ticketing systems.

    ● Perform routine risk analysis on system changes.

    ● Assist with the administration of Intelliworx employee security training. Help keep company

    personnel apprised of relevant security concerns through the writing of security bulletins, etc.

Required Qualifications and Skills

    ● Experience with IT security controls, documentation and risk analysis according to US federal government standards (with a heavy preference towards NIST 800-53 knowledge and experience; with FedRAMP knowledge/experience desirable).
    ● At least 2-3 years of relevant IT compliance/security experience and, preferably, an Bachelor’s or higher degree from an accredited institution of higher learning in Information Technology or a related discipline.
    ● Excellent communication skills, particularly in compliance/security and technical writing.
    ● Ability to research and process complex government regulations, distill the meaning into simple
    terms and then write concise documentation in accordance with those regulations.
    ● Technical knowledge and experience in IT security and related fields. For example, being
    technical enough to understand what a sql injection is, but will not be required to roll out a fix in
    code or make a change to a database schema to fix it.
    ● Ability to maintain focus and momentum in a document and detail-heavy role.

Desired Qualifications and Skills

    ● The ability to act as an advocate for following government regulation and processes
    ● Working with an agile team is an absolute must – willing to approach situations from a security
    regulatory perspective and assist others with navigating complex processes so that those
    employees may focus on efficiently executing their duties.
    ● GSEC, CISA, Security + or similar security accreditation preferred.
    ● Superior organizational skills and detail orientation.
    ● Ability to work in an unstructured and goal oriented environment where the focus is to
    accomplish assigned tasks and not to clock hours.
    ● Ability to adapt to a flexible work schedule that includes after-hours work if needed.

Submission Instructions

E-mail: leanne.hankey@intelliworxit.com
Email Subject Line: Contracts Manager/Administrator

This position has a scheduled start date of Mon, May 30 (preferably sooner)