Position: Cyber Security and Policy Analyst
Location: Hybrid - Montpelier, VT
Duration: Long term
Skills & Qualifications
- 5+ years of experience in policy analysis, with a focus on cybersecurity policies.
- Strong understanding of cybersecurity frameworks such as NIST, ISO 27001, and CISA standards.
- Experience working on government or public sector projects related to cybersecurity policy or IT governance.
- Excellent analytical skills, with the ability to review complex regulations and synthesize them into actionable policy recommendations.
- Proven experience in developing and updating cybersecurity policies, particularly in the public sector.
- Strong communication skills, with the ability to work with both technical teams and non-technical stakeholders.
Education
- Bachelor's and/or master’s degree in computer science or in IT related field.
Responsibilities
- Conduct comprehensive reviews of agency’s existing cybersecurity policies, procedures, and standards to identify gaps and areas for improvement.
- Assist in the drafting and updating of the FFY23 Cybersecurity Plan, ensuring alignment with state and federal cybersecurity frameworks (e.g., NIST, CISA).
- Collaborate with the Senior Project Manager and technical teams to ensure that cybersecurity strategies meet compliance and policy requirements.
- Analyze federal and state regulations to ensure project activities and deliverables comply with applicable cybersecurity laws and standards.
- Develop, review, and update policies related to incident response, data protection, access control, and other cybersecurity practices.
- Support the drafting of contracts and policy documentation for submission to CISA and DHS.
- Work closely with stakeholders to gather feedback on policy updates and incorporate revisions as needed.
- Assist in the development of the long-term cybersecurity strategy for fiscal years FFY23-25, providing policy insights.
- Monitor evolving cybersecurity regulations and trends to ensure Vermont’s policies remain current and compliant.