Cyber Policy and Strategy Planner (Senior) REMOTE

Crest Security Assurance
Arlington, VA Remote Full Time
POSTED ON 4/14/2025
AVAILABLE BEFORE 8/12/2025

Cyber Policy and Strategy Planner (Senior)

i. Develops and maintains cybersecurity and privacy plans, strategy, and policy to support and align with organizational cybersecurity and privacy initiatives and regulatory compliance. Reviews existing and proposed policies with stakeholders. Interprets and applies applicable laws, statutes, and regulatory documents and integrates into policy. Provides policy guidance to cyber management, staff, and users. Seeks consensus on proposed policy changes from stakeholders.

i. Must be a US Citizen

ii. 7 years of relevant cyber security experience.

iii. BA/BS recommended in computer science, computer engineering or equivalent work experience or formal legal training with security and privacy specialization.

iv. 3-5 years of practical knowledge of policy areas typically obtained through advanced education combined with experience. Legal training and experience in policy development a plus.

v. One of the following certifications:

a. EC-Council Disaster Recovery Professional (EDRP)

b. EC-Council Certified Ethical Hacker (CEH)

c. Federal Acquisition Certification - Program and Project Management (FAC - P/PM) - Senior/Expert

d. FISMA Certified FISMA Compliance Practitioner (CFCP)

e. GIAC Information Security Professional (GISP)

f. GIAC Security Essentials Certification (GSEC)

g. ITIL v3 Foundations

h. ISACA Certified in the Governance of Enterprise IT (CGEIT)

i. ISACA Certified Information Security Manager (CISM)

j. ISC2 Certified Authorization Professional (CAP)

k. ISC2 Certified Information Systems Security Professional (CISSP)

l. ISC2 CISSP Information Systems Security Management Professional (CISSP-ISSMP)

i. Review existing and proposed policies with stakeholders.

ii. Interprets and applies applicable laws, statutes, and regulatory documents and integrates into policy.

iii. Analyzes organizational cybersecurity and privacy policy.

iv. Assess policy needs and collaborate with stakeholders to develop policies to govern cybersecurity and privacy activities.

v. Draft, staff, and publish cybersecurity and privacy policy.

vi. Seeks consensus on proposed policy changes from stakeholders.

vii. Provides policy guidance to cybersecurity and privacy management, staff, and users.

viii. Define and integrate current and future mission environments.

ix. Monitor the rigorous application of cybersecurity and privacy policies, principles, and practices in the delivery of planning and management services.

x. Review, conduct, or participate in audits of cybersecurity and privacy programs and projects.

xi. Develop policy, programs, and guidelines for implementation.

xii. Establish and maintain communication channels with stakeholders.

xiii. Ensure that cybersecurity and privacy workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.

xiv. Promote awareness of cybersecurity and privacy policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.

xv. Design/integrate a cybersecurity/privacy strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.

xvi. Serve on agency security and privacy policy boards.

xvii. Advocate for adequate funding for cybersecurity and privacy training resources, to include both internal and industry-provided courses, instructors, and related materials.

xviii. Review/Assess cybersecurity and privacy workforce effectiveness to adjust skill and/or qualification standards.

i. Skill in preparing cybersecurity and privacy policy plans and related correspondence.

ii. Skill in drafting, editing, and publishing cybersecurity and privacy policy documentation.

iii. Skill in talking to others to convey information effectively.

iv. Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.

v. Skill in applying policy implementation and delivery capabilities.

vi. Skill in identifying gaps in policy implementation and delivery capabilities.

vii. Skill in utilizing feedback to improve processes, procedures, and services related to cybersecurity and privacy policy implementation.

i. Ability to work from narrative interaction with senior managers and subject matter experts to produce insightful cybersecurity and privacy policy initiatives.

ii. Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cybersecurity and privacy policy issues.

iii. Ability to monitor advancements in information technologies that affect cybersecurity and privacy policy and ensure appropriate organizational adaptation and compliance.

iv. Ability to evaluate information for reliability, validity, and relevance.

v. Ability to develop, update, and/or maintain policies and standard operating procedures (SOPs).

vi. Ability to develop clear policy directions and effective presentation materials.

vii. Ability to produce policy documentation.

viii. Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

ix. Ability to prepare and present briefings.

x. Ability to answer questions in a clear and concise manner.

xi. Ability to ask clarifying questions.

xii. Ability to function in a collaborative environment, seeking continuous consultation with analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.

xiii. Ability to map cybersecurity and privacy principles to policy implementations (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

i. Knowledge of NIST Risk Management Framework (RMF) requirements.

ii. Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).

iii. Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

iv. Knowledge of the organization's core business/mission processes.

v. Knowledge of risk/threat assessment.

vi. Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

vii. Knowledge of industry-standard and organizationally accepted analysis principles and methods.

viii. Knowledge of specific operational impacts of cybersecurity and privacy lapses.

ix. Knowledge of computer networking concepts and protocols, and network security methodologies.

x. Knowledge of cybersecurity and privacy principles.

xi. Knowledge of cybersecurity and privacy threats and vulnerabilities.

xii. Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

xiii. Knowledge of new and emerging information technology (IT) and cybersecurity technologies.

xiv. Knowledge of resource management principles and techniques.

xv. Knowledge of system life cycle management principles, including software security and usability.

xvi. Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.

xvii. Knowledge of enterprise incident response program, roles, and responsibilities.

xviii. Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

xix. Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).

xx. Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

xxi. Knowledge of sustainment technologies, processes and strategies.

xxii. Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

xxiii. Knowledge of who FDIC's operational planners are, how and where they can be contacted, and what their collaboration expectations are.

xxiv. Knowledge of network privacy architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

xxv. Knowledge of encryption methodologies.

xxvi. Knowledge of Personally Identifiable Information (PII) data security standards.

xxvii. Knowledge of Payment Card Industry (PCI) data security standards.

Job Type: Full-time

Pay: $135,000.00 - $145,000.00 per year

Benefits:

  • 401(k)
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance

Schedule:

  • Monday to Friday

Application Question(s):

  • Are you a US citizen?
  • Please confirm which active certification you have from the job posting list.

Work Location: Remote

Salary: $135,000 - $145,000
