Policy Analyst

Amyx is seeking to hire a Policy Management Professional to support our DOE NNSA contract in the Washington, DC area. NNSA OCIO IT and cybersecurity policy requirements are determined by legislative directives and federal regulations that specify the IT and cybersecurity responsibilities for the head and CIO of executive agencies, responsibilities established by DOE, and responsibilities assigned and designated by the NNSA Administrator.

The contractor shall satisfy its IT and cybersecurity policy responsibilities by providing the administrative and business support that implement the following activities.

• Review and assess current legislative laws, federal regulations, OMB guidance, operational issues, and mission requirements in regard to NNSA OCIO IT and cybersecurity policy needs.
• Perform policy gap analysis based on NNSA CIO roles and responsibilities and NNSA’s Strategic Plan in reference to current legislative laws, federal regulations, OMB Guidance, operational issues, and mission requirements.
• Discuss and provide resolution to policy gaps and issues with Federal NNSA OCIO IT and cybersecurity subject matter experts (SMEs), as applicable.
• Coordinate with NNSA OCIO senior leadership to facilitate the development, review and approval of IT and cybersecurity policies and procedures.
• Develop applicable IT and cybersecurity policies, procedures, standards, and guidelines related to the management, use, availability, accessibility, integrity, privacy, disclosure, preservation, and disposal of records, information and IT throughout its life cycle.
• Ensure the accuracy and adequacy of IT and cybersecurity policies, procedures, standards, and guidelines related to the security of the Agency’s information and IT.
• Direct and lead the revision processes for the IT and cybersecurity policy with the NNSA OCIO.
• Work collaboratively with the NNSA OCIO IT and cybersecurity SMEs to review, revise, and update IT and cybersecurity policies on a timely basis.
• Coordinate and manage federal and contractor employees with the review and comment on draft directives, current legislative, federal regulations, OMB guidance, operational issues, and mission requirements for content, relevance, applicability, accuracy, and impact.
• Provide summary and feedback/recommendations on draft directives, current legislative, federal regulations, OMB guidance, and any other documents that are submitted for review and comment.
• Coordinate and obtain concurrence with NNSA OCIO SMEs and other program and field office SMEs in oversight of IT and cybersecurity policy and procedure reviews.
• Ensure policy documents and their development are properly documented, tracked, and maintained for revision and disposition.
• Ensure the IT/Cyber Roadmap is maintained and kept up to date with current policies, laws, and regulations.
• Maintain organizational email account(s) to answer questions, provide policy guidance, track issues or log complaints, maintain POC contact lists, and keep NNSA generally abreast of issues affecting compliance with policies and regulations.
• Attend meetings related to IT and cybersecurity policies and inform NNSA OCIO senior leadership and other NNSA OCIO staff on important updates related to policy development and updates in relation to current legislative, federal regulations, OMB guidance, operational issues, and mission requirements.
• Identify and define detailed functional requirements and use cases relating to maintaining the NNSA OCIO policy process and Requirements Traceability Matrix.
• Ensure all personnel receive proper training on the use of any applications, platforms or tools related to the management of data and information that manages policies, i.e., SharePoint, ServiceNow, Excel Spreadsheets, or Microsoft Word.
  
  
  

Proven collaboration with cross-functional teams.

Excellent research and analytical skills, with the ability to synthesize complex information from multiple sources to inform policy decisions.

Effective communication skills, both written and verbal, with the ability to convey technical information to non-technical audiences.

Understanding of NIST cybersecurity frameworks.

Must have a DOE Q Clearance or TS Clearance.