General Dynamics Information Technology Cyber Risk Management Framework (RMF) Policy Analyst – 100% Remote - Secret clearance in Topeka, Kansas
Type of Requisition: Regular
Clearance Level Must Be Able to Obtain: Secret
Public Trust/Other Required: None
Job Family: Compliance
GDIT is seeking a Cyber Policy Analyst to support our Identity, Credential, and Access Management (ICAM) program.
As the Cyber Policy Analyst for the ICAM program, you will be responsible for supporting the ICAM Cyber Security Team with the day-to-day compliance and policy activities to ensure the program remains in good standing and maintains its accreditation. You will work closely with internal and external engineering teams, development, integration, and program stakeholders ensuring activities are performed in accordance with program objectives, policies, and regulations, and requirements.
In this role, a typical day will include:
Assist in identifying, developing, implementing, and maintaining policies and standards across the enterprise to reduce information security and information technology (IT) risks
Define, draft, publish, and maintain Information Security policies, standards, and guidelines such as Contingency Plan, Incident Response Plan, Vulnerability Management, Continuous Monitoring, Backup and Recovery, System Integrity Plan, Key Management, Media Protection, etc.
Assist management with ensuring compliance through management of cybersecurity metrics and development of required reports, such as Federal Information Security Modernization Act (FISMA) reports
Ensures that cybersecurity plans, controls, process, standard, policies, and procedures are aligned with cybersecurity standards
Upload documentation into eMASS system as artifacts for NIST 800-53 security control test results
Identify improvement actions through POA&Ms based on reviews, assessments, and other data sources
Develop, update, and review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
Attend and participate in meetings related to ICAM operations, maintenance activities, TEMs, Scrums, etc. as necessary
Respond to ad hoc requests from the Management team accordingly
Participate in special projects as assigned
Minimum active DoD Security Clearance of SECRET, or higher
Possess the appropriate certifications to achieve DoD 8570.01-M IAT/IAM Level 3 Certified IAW DoD 8570.01
5+ years of cybersecurity policy writing
5+ years relevant experience providing public policy research, analysis, coordination, and advisory services
5+ years working within government organizations supporting cybersecurity risk management related policy
Recent experience and familiarity with creating/updating Assessment and Authorization (A&A) packages for RMF Authority to Operate (ATOs)
Demonstrated experience leading, managing and working DoD Policies IAW Policy Life Cycle Management (PLCM) process and procedures, and self-inspection checklists
Strong written and verbal communications skills and the ability to clearly document and explain cyber security policies
Bachelor’s Degree in Computer Science, Information Systems, or a related discipline 5 years of cybersecurity policy writing
Knowledge of the DoD cybersecurity and policy requirements set forth in DoDI 8500.01 “Cybersecurity” and DoDI 8510.01 “Risk Management Framework (RFM) for DoD Information Technology (IT) and their successors
Experience communicating with and coordinating across multiple stakeholders and teams to align to and execute unified goals and plans
The ability to effectively communicate with people ranging from non-technical to engineering level
Experience developing strategic, operational, and project plans that are measurable and practical
Familiarization with DoD enterprise environments
Familiarization with Agile work environments
COVID-19 Vaccination: GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.