Information Security Policy Analyst, Senior

Booz Allen

Dec 14

Key Role:

Work with the VA customer to discover and mitigate cybersecurity risks, understand and apply policies to address requests for information on cyber best practices, conduct modified risk assessments, and provide information system security expertise to ensure the appropriate operational security posture is maintained for research information systems and research study protocols. Develop new policies or addenda to existing research policies that apply minimal appropriate security mitigations in support of research mission objectives. Conduct information security reviews on VA-sponsored and industry-sponsored clinical trials. Develop security reports, standard operating procedures, and other security policy artifacts and conduct training on research-related cyber practices. Work with your client to ensure information security reviews are conducted in accordance with VA Research guidance and directives to help the client ensure that research information systems, applications, research scientific computing devices, and software used in research meet VA and NIST standards. Work with the VA research community and facility ISSOs to ensure clinical studies and trials are protecting veterans' sensitive data. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Basic Qualifications:  

  • 5+ years of experience with policy analysis utilizing NIST special publications, including RMF and NIST security controls, such as SP 800-37 and 800-53

  • Experience with Microsoft Office, including Word and PowerPoint

  • Experience in applying information security and assurance principles 

  • Experience in security policy-driven approaches for various modalities, including devices, technologies, and platforms, of data storage and transmission

  • Ability to review and reply to Requests for Information from research partners utilizing current VA Handbooks, Directives, and NIST guidance within a standardized timeframe 

  • Ability to perform risk analysis, vulnerability assessments, and information security reviews in accordance with FISMA reporting 

  • Ability to communicate with key stakeholders, process owners, and customers to manage expectations, eliminate gaps, and ensure success

  • Ability to develop and conduct training

  • Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements

  • Bachelor's degree in CS, EE, Engineering, or Technology, and 10+ years of experience working in a professional environment or 18+ years of experience working in a professional environment in lieu of a degree

Additional Qualifications:

  • Experience working directly with clients to provide solutions 

  • Experience with security considerations specific to research environments

  • Experience with research scientific computing devices, special purpose systems, and operational technology 

  • Experience with the VA

  • Knowledge of VHA Research and Development Policies, Handbooks and Directives, data security and governance, or HIPAA 

  • Ability to work flexibly in a very fast-paced environment 

  • Possession of excellent customer service and organization skills 

  • Possession of excellent verbal and written communication skills 

  • Public Trust

  • CAP, CISSP, CISM, PMP, or CCSK Certification preferred


Applicants selected may be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client. 

The proposed salary range for this position in Colorado is 110,000 to 129,000. Final salary will be determined based on various factors. 

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.