- 29-Jul-2022 to Until Filled (HST)
- Cayuse Technologies
- Arlington, VA, USA
- Full Time
Cayuse Technologies started as a joint venture between Accenture, LLC and the CTUIR in 2006 to create a US-based alternative to offshore delivery centers as a node on Accenture's global delivery network. Cayuse Holdings was created in 2018 and is comprised of 10 family companies, in addition to Cayuse Technologies. Cayuse Holdings is headquartered near Pendleton, OR and has regional offices in Atlanta, Salt Lake City, Seattle, Honolulu, and Washington D.C. Cayuse Holdings continues to be a 100% Indian Owned Economic Enterprise and is a foremost provider of responsible sourcing/certified diversity solutions for both commercial and government clients.
POSITION OVERALL DESCRIPTION
This position will be responsible for assessing current Department policies and addressing gaps through development of an overall governance framework for a significant business-critical portfolio of automated, cloud-based systems. The framework shall incorporate industry best practices such as FedRAMP, DoD Security Technical Implementation Guides, CIS Benchmarks, Microsoft best practices and others. The position requires routine interfacing with development and business teams to create documentation and training; translate policy requirements into day-to-day operational requirements; ensure compliance with federal regulations; and optimize current A&A processes to ensure rapid adoption across bureaus and other entities within the Department.
We aren't just looking for a Policy Analyst; we're actually looking for a Functional SME Policy Analyst. Is that you? Read the job description, complete the application, and let's talk...
- Leverage knowledge of U.S. federal government cyber mandates, directives, standards and industry best practices and threat intelligence in shaping Department policy.
- Create or establish security standards/baselines for cloud-based platforms
- Establish and maintain cyber security policy, process and/or standards in the contractual language of implementers and cloud services, to ensure security is built into product delivery.
- Influence the CTO Architecture with security processes and standards, creating data access and compliance dashboards.
- Understand and track data dependencies and encryption policies for data at rest and in transit, and how data is used in applications, including data retention and privacy policies with regard to PII collection.
- Establish CTO Security processes and standards to enhance, automate and monitor security controls in accordance with established Department guidelines
- Establish a CTO security baseline across platforms.
- Assess enterprise-wide cyber policy and federal policy, identify gaps for the development and operations of a broad, cloud-based business portfolio, and develop local policy and practices to fill identified gaps.
- Evolve local policies and practices to reflect changes in technical cyber threats.
- Assist in the definition and maintenance of cybersecurity policies and standards.
- Identify key cybersecurity controls required based on an understanding of the agency's cybersecurity risks and business objectives, and considering key threats, client requirements, regulatory requirements, and technology trends.
- Understand and interact with related disciplines through committees to consistently apply cybersecurity policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
- Work closely with the PM and other stakeholders to ensure collaboration and alignment. Work with the Cybersecurity Risk Management and Cybersecurity Compliance teams.
- Develop and maintain relationships with compliance leaders in member firms.
- Participate in security policies and standards management working group.
- Bachelor's degree in business administration, a technology-related field, or equivalent education-related experience.
- Minimum of ten (10) years combined experience in related work with Government IT Policy or Information Security / Cybersecurity domain with a focus on policies and/or cybersecurity governance and risk management.
- TS Clearance
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards, and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Sound knowledge of business management and information / cybersecurity policies and standards.
- Strong knowledge and understanding of information security legal and regulatory requirements.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework.
- Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Knowledge of Department Foreign Affairs Manuals and Foreign Affairs Handbook (FAM/FAH) a plus.
• Normal physical conditions
• General office environment
• Must be able to sit for long periods of time looking at computer screen
• May be asked to work a flexible schedule which may include holidays
• May be asked to travel for business or professional development purposes
• May be asked to work hours outside of normal business hours
As an equal opportunity employer, Cayuse Technologies is committed to a diverse workforce. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants that require accommodation in the job application process may contact our Recruiting Department at (541) 278-8200 for assistance.