Cyber Policy Analyst
Arlington, VA

Job Description

Working at ICF

Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you're seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF-together for tomorrow.

ICF seeks a Security Policy Analyst to support federal, public-private collaboration efforts focused on Governance, Risk and Compliance in the cyber security area. In this role you will utilize your experience as an experienced Cyber professional to provide policy, program and risk management expertise. You will support the client's activities related to FISMA audits, security policies and procedures, and ATO for various systems in the client agency

This position is part of a large, business analysis and management support services contract for a federal civilian agency and is based on our client site in Arlington, VA.

What you'll be doing:

* Interface with cyber security subject matter experts to gather input and develop policy and reports.
* Use your experience with the NIST 800 series publications to maintain and update security policies, technical guidance and SOPs.
* Work with the training developer to update the mandatory security and privacy training content with new policies and guidance.
* Provide planning, documentation, logistics, and execution support for public-private cyber security and risk management meetings and events.
* Support audit-related data calls, compile and record audit responses; track audit findings to resolution.

Utilize your FISMA and FedRAMP expertise to support the ATO process for new client systems or major upgrades.

* Lend cybersecurity and risk management expertise for various initiatives and programs.
* Research, review and report various best practices, industry cyber security developments, standards, and guidelines.
* Coordinate with internal and external partners to assess stakeholder needs and increase program efficacy.

Qualifications

Basic Qualifications:

* Direct experience with FISMA/NIST 800 series publications is required.
* Experience with conducting or responding to security audits.
* Demonstrated experience in planning and managing Cyber Security projects.
* Experience writing and editing security-related policies, procedures and training content.
* Hands-on experience with assessing, designing, or implementing security programs or specific capabilities, including governance, incident response, threat intelligence, security monitoring, and vulnerability management.
* Program/project management experience.
* Bachelor's degree with 5+ years' experience in Cybersecurity and risk management best practices

Preferred Skills/Experience:

* •Certifications that are strongly preferred (not required): CISA, CISSP, other Microsoft certifications
* Experience developing or analyzing security policy.
* Experience in designing and implementation of standards and best practices.
* Strong customer facing experience.

Professional Skills:

* Strong analytical, problem-solving and decision making capabilities.
* Strong written and verbal communication skills.
* Aptitude for working autonomously and prioritizing.
* Ability to multi-task and prioritize according to changing circumstances.

ICF is an equal opportunity employer that values diversity at all levels. (EOE - Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation and Gender Identity)

Pay Transparency Statement: For more information, please click here: https://www.dol.gov/ofccp/pdf/pay-transp_formattedESQA508c.pdf

Virginia Client Office (VA88)