What are the responsibilities and job description for the Cybersecurity Policy Analyst with IRS Clearance position at 3M Consultancy?
Job Title: Cybersecurity Policy and Compliance Analyst
Location: Arlington, VA.
Duration: Full-Time.
Active IRS MBI is required.
The Position:
Our client has an exciting opportunity to be a Cybersecurity Policy and Compliance Analyst as part of our growing team. The ideal candidate will work closely with our client to develop automated methods to monitor and measure risk, compliance, and assurance efforts in a fast-paced, Cybersecurity environment.
Role Specific Duties:
Create risk profiles by comparing platforms against technical baseline configuration standards from DoD DISA STIGS and CIS (Center for Internet Security) and determine potential deviations from agency policy manual.
Assist with documenting platform specific rationales for baseline configuration deviations.
Responsible for documenting the draft version of the Checklist Adjudication Workbook and Checklist Adjudication Summary
Responsible for uploading all documents to the team SharePoint sites.
Perform analysis of stakeholder submitted bugs and exception (deviation) requests. Document analysis within the internal team template.
Ability to translate technical needs and operational needs to broader audiences of varying technical backgrounds.
Ability to communicate effectively with upper management and customers on the Adjudication outcomes and needs of the Checklist Adjudication Process.
Ability to conceptualize process and standards for internal activities, as evolution and maturation are paramount to the project.
Ability to document team process and activities complying with team SOPS and process guides.
Use Agency ticket management and change control processes to record defects and to manage changes.
Use Qualys Policy Compliance tool for the adjudication process.
Perform stakeholder activities to support Checklist Adjudication
Validating Gold machines for Adjudication
Validating Platform Stakeholders
Managing the Adjudication Stakeholder distribution List in Outlook
Providing communication of Adjudication outcomes as well as exception request outcomes
Providing knowledge transfer of Adjudication process to stakeholder audiences
Manage quarterly IRM policy updates and verify required platform policy updates, to initiate new adjudication cycles for the various platforms.
Investigate enterprise devices by analyzing logs for adjudication and exception request purposes
Assist with stakeholder issue resolution regarding Data Quality. Assist in investigation activities to support data quality within, Qualys and Splunk.
Create, update, track and manage User Stories for agile project tracking.
Assist with updates to the Adjudication Master Tracker, Feedback Forms Tracker.
Designs and prepares technical reports and presents them to senior leadership.
Analysis and reporting role related to vulnerability management of agency security posture.
Collaborate with senior management stakeholders to identify requirements and drive compliance with approved standards.
Provide guidance in effective implementation of policies, standards, procedures, and technical guidance to protect systems, personnel, and information.
Continuously update all documentation as required.
Support ad-hoc requests as necessary.
Requirements
Required Qualifications:
Bachelor’s Degree in Engineering, Computer Science, Information Technology, or Science
5 years’ experience in a Cybersecurity Analyst, Cybersecurity Specialist, or a similar role in the Cyber domain
Strong experience with policy and compliance adjudication against DISA STIGS and/or CIS
Experience using Qualys network scanning, compliance, and remediation.
Knowledge and familiarity with the Enterprise Splunk Tool
Knowledge of IRS IRM Security Policy 10.8 Information Technology Security
Possesses a good understanding of IT security systems, architecture, and network topologies
Experience with Federal agencies/Federal contract work
Experience with Risk Management Framework (RMF)
Experience conducting and documenting vulnerability assessments
NIST 800-53 Rev 5 Standards (CM and SI Families)
Understanding of FISMA compliance
Experience with the development and writing of risk-based documentation
CISSP, GIAC, CISM, or CISA preferred
Public Sector clearance with another agency is desirable.
