What are the responsibilities and job description for the Cybersecurity Policy Analyst position at SPECIAL AEROSPACE SECURITY SERVICES INC?
Cybersecurity Risk Policy Analyst
Location: Remote
Clearance Required: Minimum Secret
Employment Type: Full Time, Regular
Job Description:
Special Aerospace Security Services, Inc. (SASSI) is seeking a Cybersecurity Risk Policy Analyst to support a United States Government client. The Analyst will join a collaborative multi-disciplinary team focused on strengthening cybersecurity governance and compliance across Federal environments. This role emphasizes writing, reviewing, and implementing cybersecurity policies and procedures aligned with RMF (Risk Management Framework), NIST guidance, and broader Governance, Risk, and Compliance (GRC) strategies.
Work Environment:
This is a remote position; however, the selected candidate is expected to maintain a full-time presence during normal business hours. The employee must be consistently available and responsive to the team and client during core business hours of 8:30 AM to 3:30 PM EST, Monday through Friday (flexible working hours between 7:00AM to 6:00PM). Participation in virtual meetings, collaborative working sessions, and prompt communication via Microsoft Teams, email, and other platforms is required to ensure alignment with other (GRC) team members and project stakeholders.
Primary Responsibilities:
- Lead and support the development, implementation, and governance of cybersecurity policies and procedures.
- Collaborate with stakeholders, mission organizations, and technical teams to define security requirements and align governance objectives.
- Develop and update policies and documentation supporting RMF controls, including System Security Plans (SSPs), Vulnerability Management, Configuration Management, Change Management, and Incident Response.
- Provide expert knowledge in Federal cybersecurity regulations, including NIST SP 800-53/37, FISMA, OMB guidance, and RMF processes.
- Perform qualitative and quantitative security risk assessments to identify gaps, evaluate threats, and recommend mitigation strategies.
- Guide the implementation of Zero Trust Architecture and contribute to cyber resilience strategies.
- Assist in Continuous Monitoring, A&A documentation, policy lifecycle management, and GRC tool support.
- Engage in technical and non-technical report writing, including risk analysis reports and governance briefings.
- Write, edit, and format formal cybersecurity documentation, policies, and procedures to meet Customer standards and ensure clarity, consistency, and compliance.
- Ensure all deliverables follow professional documentation standards including proper grammar, formatting, structure, and version control.
- Deliver training and advisory support to stakeholders on cybersecurity governance, policy compliance, and RMF processes.
- Ensure consistent high-quality deliverables and communication with clients.
Basic Qualifications:
- US Citizenship
- Must pass a background investigation
- Active Secret clearance (minimum)
- 5 years of information security experience
- 2 years developing and maintaining cybersecurity policies and procedures
- 2 year of RMF implementation experience focused on cybersecurity controls
- Exceptional attention to detail and accuracy in all documentation and analysis
- Proven ability to navigate and influence complex organizations and deliver policy initiatives to senior leadership and technical teams.
- Strong knowledge of security governance, compliance, and risk management frameworks.
- Demonstrated ability to perform technical writing, editing, and document formatting in compliance with GRC documentation standards
- Familiarity with:
- NIST, ISO, FISMA, OMB, COBIT, FAIR, SIG, CCM, SOC-2, HITRUST, PCI, GDPR
- Proficient in tools and processes to:
- Facilitate meetings, organize virtual collaboration, and deliver presentations via Microsoft Teams
- Excellent analytical, communication, and technical writing skills
- Ability to engage with client leadership on daily operational and strategic matters
Desired Tools & Platforms:
- RMF Tools
- Governance, Risk, & Compliance Tools (e.g., ServiceNow Xacta, RSA Archer)
- DISA STIGs, CIS Benchmarks
- ServiceNow
- RedSeal, Tenable, Splunk, Cortex XDR
- Phishing simulation tools
- Penetration testing tools: Nmap, Wireshark, Nessus, Metasploit, Burp Suite
Desired Skills:
- Drafting government policies, RMF SSPs, and A&A documentation
- Risk analysis techniques (qualitative and quantitative)
- Technical and non-technical report writing
- Document formatting best practices (headers, styles, templates, tables, TOCs)
- Technical writing methodologies
- Zero Trust Architecture (ZTA) principles
- Cyber Resilience Assessment Methodology
Certifications:
- Required: DoD 8570.01 IAM Level II (e.g., CAP, CASP , CISM, CISSP [Associate], GSLC)
- Preferred: CISSP, CISA, or other advanced cybersecurity certifications
Education:
- Preferred: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related discipline
Salary : $125,000 - $160,000
