ASCENDING LLC is Hiring a Senior Security Analyst Near Tallahassee, FL
HYBRID IN TALLAHASSEE, FL (GOVERNMENT PROJECT)Scope of Work
• A bachelor’s degree in cybersecurity, information technology, computer science, English or a
related field.
• 6 years of experience in IT security related responsibilities
• 2 years of demonstrated experience producing information security related documentation
addressing procedures, standards, and guidelines to ensure information security. This includes
proficiency in formulating policies and procedures aligned with the National Institute of Standards
and Technology Cybersecurity Framework or analogous sectors.
• Knowledge of and a comprehensive understanding of the NIST Cybersecurity Framework, including
its core functions, categories, and subcategories.
• Ability to interpret and apply NIST CSF guidelines to develop tailored cybersecurity policies and
procedures suitable for the organization's needs.
• Experience in translating complex technical concepts into easily understandable and implementable
policies and procedures, catering to diverse stakeholders.
• Experience in organizing documentation to facilitate easy navigation and understanding.
• Experience in managing versioning and track changes in policy documents.
• Clear and concise communicator capable of articulating complex cybersecurity concepts in both
written documentation and verbal presentations.
• Experience in working independently (taking initiative) while working in a team environment
(cooperating with team members and supporting team members).
• Knowledge understanding of basic security principles relating to confidentiality, integrity, and
availability, risk assessments, administrative controls, technical controls, disaster recovery, etc.
Preferred Experience:
• Relevant certifications such as Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
• Information Security Certification(s) E.g. CISSP, CISM, CISA, GIAC, CISA, CISM, CCIE Security,
CompTIA, etc.
• Track record of successfully creating, reviewing, and updating policies and procedures, specifically
in the realm of cybersecurity and in alignment with NIST standards.
• Knowledge of relevant industry-specific regulations, compliance requirements, and standards
beyond NIST, such as ISO/IEC 27001, or industry-specific frameworks.
• Strong interpersonal skills to collaborate with cross-functional teams, stakeholders, and
management to gather requirements and address cybersecurity concerns effectively.
• Experience with Microsoft Word, Excel, and PowerPoint. (Visio a plus).
• Conduct an assessment of the organization's current cybersecurity policies and procedures against
the NIST CSF framework. Create comprehensive policies and procedures based on the NIST CSF framework.
• Identify gaps and areas where policies and procedures need to be developed or revised to align
with NIST CSF guidelines.
• Draft clear and concise policies addressing cybersecurity governance, risk management, asset
management, access control, incident response, and other relevant areas.
• Ensure that developed policies and procedures align with each of the five core functions of the NIST
CSF.
• Map organizational processes and controls to the appropriate categories within the framework.
• Develop detailed procedures that operationalize the cybersecurity policies based on the NIST CSF
guidelines.
• Engage with key stakeholders, cybersecurity teams, IT personnel, and department heads to gather
insights and information necessary for the development of policies, standards, procedures, work
details or other relevant required documentation.
• Collaborate with these stakeholders to ensure that the policies and procedures are practical,
feasible, and aligned with organizational goals.
• Maintain accurate documentation of developed policies and procedures.
• Implement a version control system to track changes, updates, and revisions made to the
documents over time.
• Prepare reports and presentations detailing the status of cybersecurity compliance and the
effectiveness of NIST CSF-based policies and procedures.
• Communicate findings, recommendations, and updates to relevant stakeholders and management.
• Collaborate with IT and security teams, legal, compliance, and other relevant departments to ensure
a cohesive and integrated approach to cybersecurity.
Job Summary