ASRC Federal is hiring: Cybersecurity Policy Analyst, DOD in Arlington
ASRC Federal, Arlington, VA, United States, 22201
Posted Monday, September 15, 2025 at 4:00 AM
ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work.
ASRC Federal is seeking a Cybersecurity Policy Analyst who plays a pivotal role in translating complex cybersecurity principles into clear, actionable policies, procedures, and guidance. This position serves as a strategic liaison between cybersecurity, compliance, and technical teams—ensuring that documentation supports secure system development, operational compliance, and policy governance. The ideal candidate will possess deep technical writing expertise, with demonstrated experience working in cybersecurity environments supporting cloud, on-premises, and hybrid IT systems.
This role supports enterprise-wide cybersecurity policy initiatives, drives the creation and maintenance of documentation aligned with evolving standards (e.g., NIST, FISMA, HIPAA, FedRAMP), and helps shape the organization’s cybersecurity posture through impactful written guidance.
Requirements
- Bachelor’s degree in a related area and a minimum of 5 years of experience in cybersecurity policy; additional years of experience in lieu of a degree.
- Proven work experience in Cybersecurity Policy Development & Governance
- Solid examples of Strategic Technical Writing & Document Management
- Experience with Risk Management & Compliance Mapping
- Working experience with Security Authorization (ATO/cATO) Documentation
- Information Assurance (IA) and Control Implementation
- Stakeholder Collaboration & Communication
- Document Lifecycle Management
- Cross-Functional Team Facilitation
- Must at a minimum hold a certification that constitutes DoD 8570 IAT Level II or DoD 8140 441, 451, 452, 521, or 621 (This includes certifications such as CompTIA Security+ CE, GSEC, or SSCP)
- Core knowledge of NIST frameworks (800-53, 800-37, 800-171), FISMA, HIPAA, FedRAMP, and other federal security mandates
- Cybersecurity principles related to confidentiality, integrity, availability, risk, and resiliency
- Policy and planning lifecycle in cybersecurity organizations, including governance structures and cross-department collaboration
- Cloud computing models (IaaS, PaaS, SaaS) and associated cybersecurity considerations
- Security control inheritance, common control providers, and system boundary documentation strategies
Responsibilities
- Develop, revise, and maintain cybersecurity documentation, including security policies, standard operating procedures (SOPs), system security plans (SSPs), incident response guides, and risk assessments.
- Translate technical cybersecurity concepts, frameworks, and control requirements into clear, standardized documentation for diverse audiences (engineers, auditors, program managers, and executives).
- Lead or contribute to the development of enterprise cybersecurity strategies, policy frameworks, and governance models aligned with federal and agency-specific regulations.
- Collaborate with cybersecurity SMEs, ISSOs, system architects, and compliance stakeholders to ensure accuracy, completeness, and alignment with regulatory requirements.
- Analyze and interpret cybersecurity laws, regulations, and directives (e.g., NIST SP 800-53, FISMA, HIPAA, ECPA, FISA), integrating them into organizational policies and planning documents.
- Support policy and governance working groups, participate in risk and compliance audits, and assist in remediation documentation (e.g., POA&Ms).
- Standardize document templates and technical style guides; maintain centralized document repositories using tools such as Confluence, SharePoint, and Jira.
- Evaluate and refine cybersecurity strategies during all phases of the system development life cycle (SDLC), including acquisition planning, implementation, and operational sustainment.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement: ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.