Massachusetts Veterans Jobs

MassHire JobQuest Logo

Job Information

General Dynamics Information Technology Cyber Risk Management Framework (RMF) Policy Analyst – 100% Remote - Secret clearance in Devens, Massachusetts

Type of Requisition: Regular

Clearance Level Must Be Able to Obtain: Secret

Public Trust/Other Required: None

Job Family: Compliance

GDIT is seeking a Cyber Policy Analyst to support our Identity, Credential, and Access Management (ICAM) program.

As the Cyber Policy Analyst for the ICAM program, you will be responsible for supporting the ICAM Cyber Security Team with the day-to-day compliance and policy activities to ensure the program remains in good standing and maintains its accreditation. You will work closely with internal and external engineering teams, development, integration, and program stakeholders ensuring activities are performed in accordance with program objectives, policies, and regulations, and requirements.

In this role, a typical day will include:

  • Assist in identifying, developing, implementing, and maintaining policies and standards across the enterprise to reduce information security and information technology (IT) risks

  • Define, draft, publish, and maintain Information Security policies, standards, and guidelines such as Contingency Plan, Incident Response Plan, Vulnerability Management, Continuous Monitoring, Backup and Recovery, System Integrity Plan, Key Management, Media Protection, etc.

  • Assist management with ensuring compliance through management of cybersecurity metrics and development of required reports, such as Federal Information Security Modernization Act (FISMA) reports

  • Ensures that cybersecurity plans, controls, process, standard, policies, and procedures are aligned with cybersecurity standards

  • Upload documentation into eMASS system as artifacts for NIST 800-53 security control test results

  • Identify improvement actions through POA&Ms based on reviews, assessments, and other data sources

  • Develop, update, and review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports

  • Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)

  • Attend and participate in meetings related to ICAM operations, maintenance activities, TEMs, Scrums, etc. as necessary

  • Respond to ad hoc requests from the Management team accordingly

  • Participate in special projects as assigned

Required Qualifications:

  • Minimum active DoD Security Clearance of SECRET, or higher

  • Possess the appropriate certifications to achieve DoD 8570.01-M IAT/IAM Level 3 Certified IAW DoD 8570.01

  • 5+ years of cybersecurity policy writing

  • 5+ years relevant experience providing public policy research, analysis, coordination, and advisory services

  • 5+ years working within government organizations supporting cybersecurity risk management related policy

  • Recent experience and familiarity with creating/updating Assessment and Authorization (A&A) packages for RMF Authority to Operate (ATOs)

  • Demonstrated experience leading, managing and working DoD Policies IAW Policy Life Cycle Management (PLCM) process and procedures, and self-inspection checklists

  • Strong written and verbal communications skills and the ability to clearly document and explain cyber security policies

Desired Qualifications:

  • Bachelor’s Degree in Computer Science, Information Systems, or a related discipline 5 years of cybersecurity policy writing

  • Knowledge of the DoD cybersecurity and policy requirements set forth in DoDI 8500.01 “Cybersecurity” and DoDI 8510.01 “Risk Management Framework (RFM) for DoD Information Technology (IT) and their successors

  • Experience communicating with and coordinating across multiple stakeholders and teams to align to and execute unified goals and plans

  • The ability to effectively communicate with people ranging from non-technical to engineering level

  • Experience developing strategic, operational, and project plans that are measurable and practical

  • Familiarization with DoD enterprise environments

  • Familiarization with Agile work environments

COVID-19 Vaccination: GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.