EY is a global leader in assurance, consulting, tax, strategy, and transactions, dedicated to building a better working world. The Cyber Security Policy Analyst will contribute to the strategic direction and execution of the GPS information security program, focusing on enhancing security posture and compliance within a regulated environment.
Responsibilities:
- Work with executive leadership to develop, maintain, and govern information security PSGs supporting the GPS Information Security Program
- Translate recommendations from domain professionals, vendor and industry standards, guidelines and leading practices into high-quality, coherent information security PSGs
- Harmonize GPS information security documentation with EY enterprise policies and standards, NIST security requirements, the DoD Cloud Computing Security Requirements Guide, and applicable regulatory obligations
- Collaborate with Information Security, Information Technology, Data Protection, Legal, and other internal stakeholders to support consistent implementation of information security requirements
- Identify and monitor appropriate information security training for all GPS personnel; while some training may be obtained from existing sources, custom training will need to be developed
- Stay up to date with the latest best practices, industry trends, and government security regulations to proactively maintain compliance
- Collaborate with external assessors and auditors and government officials during security audits and assessments
- Organize, structure, and prioritize information from multiple technical, regulatory, and business sources
- Balance information security requirements with business objectives, technical risk, and operational impact
- Apply sound judgment and creative thinking while considering multiple perspectives and constraints
- Adapt to shifting priorities, ambiguity, and evolving regulatory or security requirements
- Work independently with minimal direct supervision while maintaining accountability for outcomes
- Focus on conveying complex information clearly, concisely, and effectively
Requirements:
- Bachelor's degree in information security/assurance, computer science, or a similar technical field
- A minimum of 3 years of experience in information security, with a preferred focus on US government security requirements and compliance
- Experience developing and implementing security policies, standards, and procedures in alignment with government security requirements
- Excellent communication skills, with the ability to effectively articulate complex security concepts to both technical and non-technical stakeholders
- Experience working in information security and understanding of information security concepts
- Knowledge of information security policies/principles of handling and protecting information
- In-depth understanding of NIST security documentation and the CMMC framework, including FIPS, NIST SP 800-171 and the other 800-series publications, and their application
- In-depth understanding of DFARS related security requirements and their application
- General technical knowledge of operating systems, databases, networks, mobile technologies and cloud services
- Strong written and verbal English language skills are required
- Good writing, presentation, interpersonal, and collaborative skills
- Ability to collaborate with others to facilitate and enhance compliance with policies
- Awareness of the current security threat landscape
- Experience with coordinating tasks, allocating resources, and following tasks and projects through completion
- Experience with Microsoft Office (Word, Excel, PowerPoint, Visio, and Copilot)
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified CMMC Assessor (CCA) are highly desirable
- Ability to obtain and maintain a Top-Secret Security Clearance