The Cybersecurity Policy Analyst will assist the Director of Security and Infrastructure to achieve and maintain FedRAMP, FISMA and other government authorizations. They will assist with documentation of technical systems, managing system security plans, maintaining lists of vulnerabilities and remediation plans, performing risk analyses, routine security maintenance tasks, and understanding government requirements around NIST, FedRAMP and other security frameworks.
Travel Required: No
Salary Range: Negotiable
Position Type: Full-time with benefits
Date Posted: April 24, 2018
Mandatory Job Requirements: Experience with IT security policy, security controls documentation, and risk analysis according to US federal government standards – with a heavy preference towards NIST, FISMA and FedRAMP knowledge and experience.
Reports to: Director of Security & Infrastructure
Security Screening: Moderate-level background check will be required
Major Responsibilities & Tasks
Cybersecurity Policy Analyst tasks will include, but are not limited to, the following:
- ● Security Compliance: assist the security team with the tracking of vulnerabilities and remediation, routine monitoring tasks, risk analysis, compliance tracking, trends research and other duties that keep Intelliworx customers, systems, data and personnel safe.
● Security Documentation: assist the Security team with documentation of Intelliworx systems, system security plans (SSPs), interconnect and similar security agreements, infrastructure documentation, application documentation, configurations, disaster recovery and other relevant security policies and procedures with the goal of achieving and maintaining FedRAMP*, FISMA** and other government authorizations.
* FedRAMP – Federal Risk and Authorization Management Program
** FISMA – Federal Information Security Management Act
- ● Maintain the confidentiality, integrity, and availability of all Intelliworx systems by helping the Intelliworx team to implement, track and measure various operational and technical security controls.
● Maintain all official FedRAMP and similar security documentation for Intelliworx systems.
● During FedRAMP, FISMA and other security assessments, organize the collection of artifacts to
validate Intelliworx’s security controls and systems.
● Maintain a complete and accurate inventory of all Intelliworx systems, system components and
● Manage daily security monitoring reports and keep up-to-date with security trends. Participate
in occasional on-call shifts.
● Manage daily, weekly, monthly and yearly tasks such as user account audits and documentation
reviews. Maintain the Intelliworx security calendar.
● Manage monthly, quarterly and yearly reports for continuous monitoring and other purposes.
● Maintain Intelliworx application vulnerability data and help to ensure that information is tracked
appropriately in documentation and ticketing systems.
● Perform routine risk analysis on system changes.
● Assist with the administration of Intelliworx employee security training. Help keep company
personnel apprised of relevant security concerns through the writing of security bulletins, etc.
Required Qualifications and Skills
● Experience with IT security controls, documentation and risk analysis according to US federal government standards (with a heavy preference towards NIST 800-53 knowledge and experience; with FedRAMP knowledge/experience desirable).
● At least 2-3 years of relevant IT compliance/security experience and, preferably, an Bachelor’s or higher degree from an accredited institution of higher learning in Information Technology or a related discipline.
● Excellent communication skills, particularly in compliance/security and technical writing.
● Ability to research and process complex government regulations, distill the meaning into simple
terms and then write concise documentation in accordance with those regulations.
● Technical knowledge and experience in IT security and related fields. For example, being
technical enough to understand what a sql injection is, but will not be required to roll out a fix in
code or make a change to a database schema to fix it.
● Ability to maintain focus and momentum in a document and detail-heavy role.
Desired Qualifications and Skills
- ● The ability to act as an advocate for following government regulation and processes
● Working with an agile team is an absolute must – willing to approach situations from a security
regulatory perspective and assist others with navigating complex processes so that those
employees may focus on efficiently executing their duties.
● GSEC, CISA, Security + or similar security accreditation preferred.
● Superior organizational skills and detail orientation.
● Ability to work in an unstructured and goal oriented environment where the focus is to
accomplish assigned tasks and not to clock hours.
● Ability to adapt to a flexible work schedule that includes after-hours work if needed.
Email Subject Line: Contracts Manager/Administrator
This position has a scheduled start date of Mon, May 30 (preferably sooner)