Cybersecurity Policy Analyst with IRS Clearance

Company:
3M Consultancy
Location:
Arlington, VA, 22201
Posted:
May 10, 2024

Description:

Job Description

Job Title: Cybersecurity Policy and Compliance Analyst

Location: Arlington, VA.

Duration: Full-Time.

Active IRS MBI is required.

The Position:

Our client has an exciting opportunity to be a Cybersecurity Policy and Compliance Analyst as part of our growing team. The ideal candidate will work closely with our client to develop automated methods to monitor and measure risk, compliance, and assurance efforts in a fast-paced cybersecurity environment.

Role Specific Duties:

Create risk profiles by comparing platforms against technical baseline configuration standards from DoD DISA STIGs and CIS (Center for Internet Security) and determine potential deviations from the agency policy manual.

Assist with documenting platform specific rationales for baseline configuration deviations.

Responsible for documenting the draft version of the Checklist Adjudication Workbook and Checklist Adjudication Summary.

Responsible for uploading all documents to the team SharePoint sites.

Perform analysis of stakeholder submitted bugs and exception (deviation) requests. Document analysis within the internal team template.

Ability to translate technical needs and operational needs to broader audiences of varying technical backgrounds.

Ability to communicate effectively with upper management and customers on the Adjudication outcomes and needs of the Checklist Adjudication Process.

Ability to conceptualize process and standards for internal activities, as evolution and maturation are paramount to the project.

Ability to document team processes and activities in compliance with team SOPs and process guides.

Use Agency ticket management and change control processes to record defects and to manage changes.

Use Qualys Policy Compliance tool for the adjudication process.

Perform stakeholder activities to support Checklist Adjudication:

Validating Gold machines for Adjudication

Validating Platform Stakeholders

Managing the Adjudication Stakeholder distribution List in Outlook

Providing communication of Adjudication outcomes as well as exception request outcomes

Providing knowledge transfer of Adjudication process to stakeholder audiences

Manage quarterly IRM policy updates and verify required platform policy updates, to initiate new adjudication cycles for the various platforms.

Investigate enterprise devices by analyzing logs for adjudication and exception request purposes

Assist with stakeholder issue resolution regarding Data Quality. Assist in investigation activities to support data quality within Qualys and Splunk.

Create, update, track and manage User Stories for agile project tracking.

Assist with updates to the Adjudication Master Tracker, Feedback Forms Tracker.

Design and prepare technical reports and present them to senior leadership.

Analysis and reporting role related to vulnerability management of agency security posture.

Collaborate with senior management stakeholders to identify requirements and drive compliance with approved standards.

Provide guidance in effective implementation of policies, standards, procedures, and technical guidance to protect systems, personnel, and information.

Continuously update all documentation as required.

Support ad-hoc requests as necessary.

Requirements

Required Qualifications:

Bachelor’s Degree in Engineering, Computer Science, Information Technology, or Science

5 years’ experience in a Cybersecurity Analyst, Cybersecurity Specialist, or a similar role in the Cyber domain

Strong experience with policy and compliance adjudication against DISA STIGs and/or CIS

Experience using Qualys network scanning, compliance, and remediation.

Knowledge and familiarity with the Enterprise Splunk Tool

Knowledge of IRS IRM Security Policy 10.8 Information Technology Security

Possesses a good understanding of IT security systems, architecture, and network topologies

Experience with Federal agencies/Federal contract work

Experience with Risk Management Framework (RMF)

Experience conducting and documenting vulnerability assessments

NIST 800-53 Rev 5 Standards (CM and SI Families)

Understanding of FISMA compliance

Experience with the development and writing of risk-based documentation

CISSP, GIAC, CISM, or CISA preferred

Public Sector clearance with another agency is desirable.
