Cyber Policy Analyst - Vendor Risk Management
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
ICF seeks a Security Policy Analyst to support federal, public-private collaboration efforts focused on Governance, Risk and Compliance in the cyber security area. In this role you will utilize your Cyber competencies to provide policy, program and risk management expertise. You will support the client’s activities related to third-party risks for various systems and initiatives in the client Federal IT organization.
This position is part of a large business analysis and management support services contract for a federal civilian agency and is based at our client site in Arlington, VA.
What you’ll be doing:
- Support the client in working proactively with the various vendors and intersecting organizations to implement practices that meet the organizational risk management policies and standards.
- Support vendor-focused risk assessments that evaluate the environment and estimate the level and trends of inherent risk, the effectiveness of associated controls, and the level and trends of residual risk.
- Proactively identify vendor-related risks across the assigned internal and external projects.
- Document risk(s) within the Vendor Management processes in the client IT organization.
- Interface with cyber security subject matter experts to gather input and develop policy analysis and reports.
- Use your experience with the NIST 800 series publications to maintain and update security policies and SOPs, especially those related to IT vendor management.
- Work with the training developer to ensure the mandatory security training content for vendors and contractors reflects the appropriate policies and guidance.
- Provide planning, documentation, logistics, and execution support for public-private cyber security and risk management meetings and events.
- Support audit-related data calls and track audit findings and recommendations to ensure appropriate mitigation actions are taken.
- Provide management and operational reporting on findings to ensure prioritization for remediation and closure.
- Utilize FISMA and FedRAMP expertise to evaluate new client systems or major upgrades.
- Lend cybersecurity and risk management expertise for various initiatives and programs.
- Research, review and report various best practices, industry cyber security developments, standards, and guidelines.
- Coordinate with internal and external partners to assess stakeholder needs and increase program efficacy.
- Experience managing third-party risks in a multi-vendor environment. Federal IT experience is strongly preferred.
- Direct experience with FISMA/NIST 800 series publications is required.
- Demonstrated experience in planning and managing Cyber Security projects.
- Experience writing and editing security-related policies, procedures and training content.
- Hands-on experience with assessing, designing, or implementing security programs or specific capabilities, including governance, incident response, threat intelligence, security monitoring, and vulnerability management.
- Program/project management experience.
- Bachelor’s degree with 5+ years’ experience in Cybersecurity and risk management best practices.
- Certifications that are strongly preferred (not required): CISA, CISSP, other Microsoft certifications
- PMP Certification
- Experience developing or analyzing public policy.
- Experience in designing and implementing standards and best practices.
- Strong customer-facing experience.
- Strong analytical, problem-solving and decision-making capabilities.
- Strong written and verbal communication skills.
- Aptitude for working autonomously and prioritizing.
- Ability to multi-task and prioritize according to changing circumstances.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation and Gender Identity)
Pay Transparency Statement: For more information, please click here: https://www.dol.gov/ofccp/pdf/pay-transp_formattedESQA508c.pdf
Virginia Client Office (VA88)