InfoSec Policy Analyst
USA DC Washington - One Columbus Cir NE (DCC182), United States
General Dynamics Information Technology
Delivering technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community.
Type of Requisition: Regular
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: None
Public Trust/Other Required: None
Job Family: Cyber Security
Job Qualifications:
Skills: Security Controls, Security Policies, Security Risk, Security Risk Management
Certifications: None
Experience: 3 + years of related experience
US Citizenship Required: No
Job Description:
GDIT is looking for an Information Security Analyst with mastery level knowledge of IT security risk management activities under the Risk Management Framework (NIST 800-53, etc.). The position is in support of GDIT’s contract with the Administrative Office of United States Courts – Administrative Office Technology Office (AOUSC-AOTO) in Washington DC.
The successful candidate will work with the contractor team and government customers to determine, and develop, an approach to information system security solutions to meet published security requirements. The position requires strong critical thinking and analytical skills, attention to detail, and excellent oral and written communication skills:
- Develop and/or analyze Judiciary information system security plans (SSP) that conform with the Judiciary Information Security Framework - JISF (based on NIST 800 Series Special Publications).
- Help with O&M activities relating to the vulnerability management program at AOTO (communicating with stakeholders, POA&M management, etc.).
- Use CSAM as a Security Assessment & Authorization (SA&A) management tool.
- Utilize technical expertise of computer security controls, theories, principles, practices, and functional tools for a broad range of computer security related areas, including certification and accreditation of government information and infrastructure, IT disaster recovery, business continuity planning, develop and/or analyze business impact analyses and risk management for the Judiciary’s IT systems.
- Ensure the integration of IT programs and services as required; and develop solutions to integration interoperability issues.
- Develop and implement new policies and procedures regarding security measures and implementations that are in compliance with Judiciary and AOTO policies and guidelines.
- Work with other program offices, internal and external customers throughout the information system life cycle process to ensure adequate security considerations are built into systems in accordance with applicable Judiciary guidelines (1) to protect the Judiciary systems and data assets, and (2) to ensure the continual review and implementation of information security training requirements throughout the life cycle process.
- Use vendor descriptions, technical documents and/or hands-on evaluation of applications to evaluate security controls, and work as a Subject Matter Expert (SME) with project managers, system administrators, network engineers and network support personnel as necessary to obtain additional information required for adequate analysis.
- Maintain a current awareness of state-of-the-art developments in INFOSEC standards, principles and policies.
- Serve as an AOTO-IT Security representative in meetings of various projects, working groups, committees and/or teams to represent AOTO INFOSEC requirements for systems software and hardware. To effectively represent AOTO IT Security in these meetings, the candidate must maintain current knowledge of Judiciary and AOTO’s security architecture and evolving security requirements.
- Meet and collaborate with all levels of management within AOTO, and other program offices, and their employees and groups.
- Serve as an INFOSEC Compliance Analyst with responsibility for ensuring the confidentiality, integrity, and availability of information and information systems supporting Judiciary assets throughout the planning, analysis, development, implementation, maintenance, and enhancement phases of the System Development Lifecycle using information system security programs, policies, procedures, and tools.
- Provide expertise on AOTO’s IT security architecture; emerging technologies and their applications to business processes; IT security concepts, standards, and methods; developing plans and schedules, defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments.
- Perform other duties as assigned.
REQUIRED SKILLS:
- At least 3 years at a Federal Agency (preferably Executive Branch) working with NIST 800 Series publications as a Risk Management Framework SME
- At least 8 years of progressive IT experience, including at least five (5) years’ experience in IT security policy, including certification and accreditation (C&A) and/or IT security risk analysis, preferably in support of the Federal Government
- Mastery level knowledge of security controls, system security plans, principles and theories pertaining to providing security and protection to IT resources.
- Mastery level knowledge and experience applying government standards, including NIST Risk Management Framework (SP 800-37), and NIST 800-53.
- Mastery level knowledge of information systems security standards such as NIST and Federal Government requirements.
- Industry best practices, standards and guidelines involved with the protection of hardware, software, and telecommunications equipment and services, to accomplish Security Assessment & Authorization activities.
- The work requires exceptional understanding, coordination and integration of Judiciary Information Security Framework (JISF) compliance activities, which requires its own body of knowledge and research. Decisions and actions taken by candidate will have a direct and substantial impact on services rendered.
- Knowledge of methods and tools used for risk management and the mitigation of risk for information systems and data. This requires a technical mastery of, and hands on experience using, risk assessment methods to determine vulnerabilities in local environments, processing procedures, personnel and other system components.
- Technical understanding of integration of IT programs and services in a multi-location Wide Area Network; and the security controls, tools and techniques used to secure multiple platforms and operating systems through channels offering differing levels of trust and reliability.
- Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
- Ability to use judgment, initiative, and resourcefulness in deviating from established methods to modify, adapt, and/or refine broader guidelines to resolve specific complex problems; research trends and patterns; develop new methods and criteria; and/or propose new policies and practices.
- Excellent research, oral and written communication skills required, as the candidate will have frequent interactions and information gathering sessions with coworkers and customers.
EDUCATION/CERTIFICATIONS:
- Bachelor’s degree required, master’s degree preferred
- Industry leading certifications relating to IT security (CISSP, GIAC, etc.).
Scheduled Weekly Hours: 40
Travel Required: None
Telecommuting Options: Remote
Work Location: USA DC Washington
Additional Work Locations:
Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
Tags: Audits C CISSP Clearance Cloud Compliance GIAC Monitoring NIST NIST 800-53 POA&M Risk analysis Risk assessment Risk management RMF Security assessment System Security Plan Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Health care Insurance Medical leave Parental leave Team events