IT SEC POLICY SPECIALIST - SR
MILITARY FRIENDLY PREFERRED - HOH SPONSOR

SUMMARY:
Zermount, Inc. is seeking an IT Security Policy Specialist - SR to provide subject matter expertise in the review and analysis of Executive Orders (EOs) (e.g., EO 14028), OMB Memoranda (e.g., OMB M-22-09, M-21-31, etc.), federal requirements and laws, Department directives, policies, and processes. Candidates must use these analyses to develop agency-level policies, processes, procedures, standards, and guidelines by collaborating with stakeholders to understand, document, and implement effective business processes in support of the agency's mission and initiatives.

DUTIES AND RESPONSIBILITIES:
The IT SEC Policy Specialist - SR will provide the following support and services:

Review and interpret Executive Orders (EOs), OMB memos, Public Law (PL), DHS directives such as Binding Operational Directives (BODs), DHS Undersecretary Memos, NIST SPs, best practices, etc. to provide recommendations and potential solutions to meet policy requirements. Conduct gap analyses in existing agency policy documentation (policies, processes, SOPs, standards, guidelines, white papers, and training) for compliance with cybersecurity mandates, requirements, and best practices. Develop reports and roadmaps to meet compliance requirements and obtain client approval to implement appropriate policy documentation. Provide the guidance and insight necessary to meet requirements established through OMB Memoranda or EOs. Assist leadership with initiatives to include planning, scheduling, guidance, solutions, reporting, performance metrics, and recommendations.

- Review and interpret Executive Orders (EOs), OMB memos, Public Law (PL), DHS directives such as Binding Operational Directives (BODs), DHS Undersecretary Memos, NIST SPs, and recommended best practices. Provide recommendations and potential solutions to meet requirements.
- Conduct gap analyses in existing Agency policy documentation (policies, processes, SOPs, standards, guidelines, white papers, and training) for compliance with Cybersecurity mandates, requirements, and best practices. Develop a report and roadmap to meet compliance requirements and obtain client approval to implement appropriate policy documentation.
- Provide guidance and insights necessary for meeting requirements established through OMB Memos or Executive Orders.
- Assist leadership with initiatives, including planning, scheduling, guidance, solutions, reporting, performance metrics, and recommendations.
- Assist and support all internal and external data calls, requests, audits, compliance, and updates, ensuring accurate information and statuses are obtained and provided.
- Manage the policy inquiry/intake mailbox or policy help desk, tracking and resolving cybersecurity policy-related questions.
- Conduct internal and external policy research to support help desk policy inquiries using various sources and approved documentation.
- Review, interpret, create, edit and update cybersecurity policy documents utilizing the Agile methodology.
- Modify/update existing cybersecurity-related policies including Standard Operating Procedures (SOPs), Technical Standards (TSs), Management Directives (MDs), Cloud Computing Security Handbook (CCSH), TSA Forms, Open-Source Software (OSS) Guide, Sensitive Security Information (SSI) Program, Privacy Office document reviews, and related notification memos capturing summary of changes.
- Support the client in interpreting and implementing IT public policy initiatives.
- Assist with long-term strategy development, tracking legislation, and making policy recommendations.
- Review, interpret, edit, create, and update cybersecurity policy-related documents utilizing an Agile approach.
- Create new cybersecurity policy documents as needed to address identified gaps or changes stemming from EOs, OMB Memoranda, NIST, DHS, or TSA mandates.
- Modify/update existing cybersecurity-related policy standard operating procedures (SOPs), technical standards (TSs), management directives (MDs), CCSH, TSA Forms, Open-Source Software (OSS) guide, SSI Program, and Privacy Office-related document reviews. Capture a summary of changes in related Notification Memos.
- Meet with customers often daily to relay progress and establish priorities.

Quality Assurance and Reporting
The IT SEC Policy Specialist - SR is responsible for delivering high-quality outputs, ensuring that all deliverables meet or exceed the client's expectations and are completed on time. Individual weekly status reports and corresponding briefings are required. These briefings should provide a concise overview and clarify all data in the weekly status report for both management and the government client. The weekly status report must reflect the following details:
- Weekly work accomplished with correlation to current project schedule
- 2 weeks of ongoing and planned tasks
- Risks and issues impacting assigned tasks.

QUALIFICATIONS:
- Knowledge of NIST Guidelines and FISMA cybersecurity compliance requirements
- Technical knowledge of complex enterprise IT systems
- Highly skilled with Microsoft Word; knowledgeable and skilled with Excel, PowerPoint, Outlook, SharePoint, and Project
- Experience following a detailed project schedule and driving outcomes that meet planned task completion
- Knowledge of and experience using relevant cybersecurity analysis tools such as Archer, Nessus Security Center, Splunk, Elastic, Tenable, etc.
- Experience communicating effectively, both orally and in writing, with technical, non-technical, and executive-level customers
- Experience with in-depth analysis of cybersecurity, IT, and Risk Management requirements and principles
- Ability to work autonomously using effective communication and collaboration skills to obtain necessary information and analyze its importance to current projects
- Apply process improvement, re-engineering methodologies, and internet-related methodologies and principles to conduct process modernization projects
- Ability to supervise and direct other contracted process re-engineering and policy specialists
- Strong analytical and problem-solving skills, with a proven ability to conduct gap analyses and develop comprehensive reports.
- Exceptional attention to detail, ensuring all policy documents and communications are accurate, clear, and compliant with relevant mandates and best practices.
- Excellent written and verbal communication skills, with the ability to convey complex information in a clear and concise manner.
- Strong interpersonal skills, with the capability to collaborate effectively with various stakeholders, including government clients and internal teams.

EDUCATION:
Minimum of a Bachelor of Science (or higher) in one of the following fields of study: computer engineering, computer science, IT, cyber security, or a related field AND 7 years of IT Cybersecurity experience including direct support of the US government and 4 years acting as an ISSO, Assessor, or Compliance Analyst.
Without a B.S. degree, a minimum of 10 years of IT cybersecurity experience including direct support for the US Government will be accepted.

CERTIFICATIONS:
At least one of the following certifications is required: Certified Authorization Professional (CAP), Certified Chief Information Security Officer (C|CISO), Certified Information Security Manager (CISM), OR Certified Information Systems Security Professional (CISSP).

CLEARANCE:
Minimum of an active Secret Clearance.

LOCATION:
Primarily Remote (Onsite work in Arlington, VA or in the United States may be occasionally required).

HOURS OF OPERATION:
8:00 am EST - 4:30 pm EST.