Follow us on LinkedIn

#PoweringPossible

Favor TechConsulting, LLC (FTC)a wholly-owned subsidiary of Tria Federal (Tria) is seeking a talentedSenior Cybersecurity Policy Analyst.Lead the analysis, design, implementation, and support of cyber security policy-specifically as it pertains to Risk Management Framework (RMF) Step 6: Monitor-by collaborating with business customers, end-users, and project managers to capture and document business and technical requirements. Support the full lifecycle of requirements management and implementation by participating in requirements elaboration and design, and then ensuring developed written policies and other associated deliverables match requirements. Specifically, support the development of the Department of Veterans Affairs (VA) Information Security Continuous Monitoring (ISCM) Program through stakeholder engagement, policy development, metric development, and tool/data source cataloging. Apply a deep understanding of RMF, and NIST Special Publications such as 800-137, 800-37, 800-53, and 800-55 to the development of contract deliverables and all recommendations to the customer.

Responsibilities:

• Develop and update cybersecurity policies, standards, and procedures based on best practices and regulatory requirements. Ensure policies are aligned with organizational goals and objectives
• Collaborate with stakeholders to elicit, gather, analyze, and implement business requirements for cyber security policies. Participate in requirements gathering, elaboration, and refinement sessions with VA stakeholders
• Achieve complete technical understanding of the existing VA ISCM and Continuous Diagnostics and Mitigation (CDM) programs, including but not limited to:
  • Systems architecture, physical and logical network architectures, metrics, data sources and flows, dashboards, other tools, applications, and hardware in use
  • Associated objectives, strategies, plans, and other existing documentation
  • Governing and applicable policies, directives, guidance, etc.
• Develop, update, and oversee the implementation of organizational-level and system-level metrics for the ISCM Program, leveraging a deep understanding of NIST SP 800-53 and the existing tools/capabilities at the agency
• Continuously review the existing ISCM tools and data sources at the agency for changes, additions, and disposals. Document findings in a Tools Catalog with relevant information on tool interconnections, reporting frequencies, and capabilities. Provide recommendations for catalog improvements and updates
• Propose and/or coordinate reviews, development, and/or updates of security policies, processes, workflows, controls, metrics, and procedures
• Design and support the development and implementation of security policies aligned with FISMA and applicable VA documents
• Intake, upload, track, and manage business requirements, task management with project management planner and tracking tools designated by customer
• Perform problem analysis and analyze, validate, specify, and verify requirements defined by project leads, customers, and end users
• Analyze existing business processes, business requirements, and workflows to document "as is" processes and proposed "to be" solutions to guide requirements development efforts
• Facilitate executive-level virtual meetings; prepare meeting agenda, capture meeting minutes, and track outcomes and action items
• Work proactively and independently to carry out assignments to completion within parameters of instructions given, prescribed routines, and standard accepted practices
• Plan, monitor, and control relevant tasks outlined in the contract and statement of work
• Function as part of an integrated team sharing products, best practices, and information across the portfolio
• Ensure compliance with relevant laws, regulations, and standards such as HIPAA, NIST, and ISO 27001
• Conduct regular audits and policy gap analyses to verify adherence to policies and regulations
• Liaise with regulatory bodies and ensure timely reporting and documentation as required
• Communicate policy changes, security incidents, and updates to stakeholders effectively
• Act as a liaison between technical and non-technical teams to ensure clear understanding and implementation of security measures
• Ensure that third-party services and products comply with organizational security policies
• Evaluate third-party risk through regular evaluations and audits and transpose to organizational policy

• Ability to think criticality, develop requirements for a program/project, and then execute on the project from start to finish
• Experience in requirements planning, analysis, refinement, and documentation.
• Technically proficient with the ability to create functional specifications and documentation
• Experience in identifying solutions to business issues or problems and thoroughly review and document solutions
• Excellent verbal and written communication skills, including ability to effectively communicate with internal and external customers
• Strong understanding and familiarity with concepts outlined in NIST SP 800-37, 800-137, 800-53, and 800-55
• High attention to detail
• Strong problem-solving and analytical skills

Professional Certifications:

N/A

Education:

Clearance:

Ability obtain and maintain a Public Trust Clearance

Years of Professional Experience:

Required Technical/Business Tools Experience:

• Microsoft Office Suite
• Microsoft Visio
• Microsoft Project
• SharePoint

Professional Certifications:

Education:

Master's Degree